

USPTO

STIC Database Tracking No.



TO: Kambiz Zand 
Location: 4C10 
Art Unit: 2132 
Monday, March 29, 2004 

Case Serial Number: 09/598631 



From: Geoffrey St. Leger 
Location: EIC 2100 
PK2-4B30 
Phone: 308-7800 

geoffrey.stleger@uspto.gov 



Search Notes 



Dear Examiner Zand, 

Attached please find the results of your search request for application 09/598631. I searched Dialog's foreign
patent files, product announcement files and general files.

Please let me know if you have any questions.




G 

4B30/308 







File 348: EUROPEAN PATENTS 1978-2004/Mar W03
(c) 2004 European Patent Office
File 349: PCT FULLTEXT 1979-2002/UB=20040325, UT=20040318
(c) 2004 WIPO/Univentio

Set  Items   Description
S1   807649  TRAFFIC OR PACKET? ? OR FRAME? ? OR DATAGRAM? ? OR FLOW? ? OR STREAM? ?
S2   71786   (S1 OR DATA OR INFORMATION)(3N)(MALICIOUS OR HARM??? OR DAMAG??? OR DESTRUCTIVE OR UNWANTED OR UNWELCOME OR UNDESIR? OR HOSTILE OR DANGER??? OR SUSPECT OR SUSPICIOUS OR ANOMAL? OR MALEVOLENT OR IRREGULAR? OR ABNORMAL?) OR ATTACK?
S3   1572    DENIAL(1W)SERVICE OR TEARDROP OR PING(1W)DEATH OR SMURF
S4   26142   IDS OR NIDS OR INTRUSION? ?(3N)DETECT? ??
S5   9137    QOS OR QUALITY(1W)SERVICE
S6           LOW???(2W)PRIORITY
S7           HIGH???(2W)PRIORITY
S8           PACKET? ?(10N)S5(10N)S6(10N)S7
S9   3       S2:S4(50N)S8

(EA) AM AZ BY KG KZ MD RU TJ TM

Fulltext Availability:
Claims

Claim

... a 52 byte payload. The header includes parameters such as priority,
port number, and egress ID. The reassembled linked-list of buffers that
constitutes a packet is enqueued on one of four priority output queues
that are emptied one GCell at a time, in a high to low priority
scheme. The dequeued GCells 46 are sent to the Ingress Buffer (IBUF) 48.
Illustrated IBUF 48 forwards GCells 46 from the FMU 44 to the... are
enqueued on one of four priority output queues in the FMU Data Memory.
These queues are emptied one GCell at a time, in a high to low
priority manner. The Header space in the Data Memory not used during the
Reassembly is used to fill the Gotham Header. Flow Memory stores 128K
Flow... data from a Queue Processor. The whole scheduling process will
select a specific Queue Processor, one (1) of sixteen (16), and a
specific QoS queue, one (1) of four (4), within the selected Queue
Processor. Queue Processors are selected on a round robin scheme. The
QoS queues are selected on a priority scheme, QoS queue zero (0)
has the highest priority level, and QoS queue three (3) has the
lowest priority level.

GS Functions

The Global Scheduler has to calculate the QoS and Queue Processor
selection every 1.60 ns. There are three possible criteria to consider in
the selection process:

... traffic available, a queue requires...

Claims

Detailed Description

Accordingly, what is needed is a method of preventing DoS attacks and
a network device that can perform that method in order to prevent DoS
attacks from disrupting entire networks.

DISCLOSURE OF INVENTION

The present invention provides for a method of preventing DoS attacks.
The method involves scanning the contents ...non-overlapping offsets,
and adherence to protocol standards. Data packets that do not verify may
be dropped.

After the contents have been verified, the data packets are checked to
determine if they are associated with a validated traffic flow. If the
data packet is associated with a validated traffic flow it is assigned
to a higher priority quality of service for transmission back
onto the network. If the data packet is not associated with a validated
traffic flow it is assigned to a low priority quality of service
queue, such that data packets in the low priority quality of service
queue can occupy no more than a predetermined maximum of the available
network bandwidth when they are transmitted back onto the network.

The invention also includes a network device for preventing DoS
attacks. The network device includes a traffic flow scanning engine and
a quality of service processor. The traffic flow scanning engine is
operable to scan the...

...passed to the quality of service processor.

The quality of service processor uses the conclusion from the traffic
flow scanning engine to place the data packets in the appropriate
quality of service queue. Data packets associated with validated
traffic flow are placed in higher priority queues and transmitted
back onto the network according to the protocol for the particular queue.
Data packets not assigned to a validated traffic flow are placed in a
low priority QoS queue. Data packets in the low priority QoS queue
are transmitted onto the network such that they occupy no more than a
predetermined maximum of available bandwidth, thereby preventing flood
type DoS attacks.

The foregoing has outlined, rather broadly, preferred and alternative
features of the present invention so that those skilled in the art may
better understand the... 
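The disclosure above describes a pipeline: verify packet contents (length, non-overlapping fragment offsets, protocol conformance), drop what fails, then place packets from validated flows in higher-priority queues and everything else in a low-priority queue that is held to a fixed share of the link. The Python below is an added illustration of that pipeline written for this search report; it is not code from the cited application. Its specifics are assumptions: the predetermined requirements are modelled as a header-length check, a known-protocol check and illegal TCP flag combinations; a flow counts as validated once a SYN from it is followed by an ACK (the engine is assumed to see only the client-to-server direction); the low-priority share is enforced as a strict per-tick byte cap; and all addresses and traffic in demo() are constructed.

```python
from collections import deque
from dataclasses import dataclass

MAX_PACKET = 1500  # assumed largest acceptable packet length (example constant)

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    payload: bytes
    length: int = -1      # length claimed in the header; -1 = derive from payload
    ident: int = 0        # datagram id shared by fragments; 0 = not fragmented
    frag_offset: int = 0  # byte offset of this fragment within the datagram
    tcp_flags: str = ""   # subset of "SAFRPU"

    def __post_init__(self):
        if self.length < 0:
            self.length = len(self.payload)

def verify_contents(pkt):
    """Predetermined requirements: header length, known protocol, legal TCP flags."""
    if pkt.length != len(pkt.payload) or pkt.length > MAX_PACKET:
        return "bad length"
    if pkt.proto not in ("tcp", "udp", "icmp"):
        return "unknown protocol"
    if pkt.proto == "tcp":
        flags = set(pkt.tcp_flags)
        if not flags <= set("SAFRPU") or {"S", "F"} <= flags or {"S", "R"} <= flags:
            return "bad tcp flags"
    return None

def fragment_ok(ranges, pkt):
    """Reassembly check: a fragment must not overlap a range already seen for its datagram."""
    if pkt.ident == 0:
        return True
    seen = ranges.setdefault((pkt.src, pkt.dst, pkt.ident), [])
    start, end = pkt.frag_offset, pkt.frag_offset + pkt.length
    if any(start < e and s < end for s, e in seen):
        return False  # teardrop-style overlap
    seen.append((start, end))
    return True

def flow_validated(states, pkt):
    """Per-flow state; a TCP flow is validated once its SYN is followed by an ACK."""
    key = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
    if pkt.proto == "tcp":
        if "S" in pkt.tcp_flags:
            states.setdefault(key, "new")
        elif "A" in pkt.tcp_flags and states.get(key) == "new":
            states[key] = "validated"
    return states.get(key) == "validated"

class QosProcessor:
    """High and low queues; per tick the low queue may send at most low_cap bytes."""
    def __init__(self, link_bytes_per_tick, low_max_fraction):
        self.high, self.low = deque(), deque()
        self.link = link_bytes_per_tick
        self.low_cap = int(link_bytes_per_tick * low_max_fraction)

    def enqueue(self, pkt, validated):
        (self.high if validated else self.low).append(pkt)

    def tick(self):
        budget, sent_high, sent_low = self.link, 0, 0
        while self.high and self.high[0].length <= budget:
            sent_high += self.high[0].length
            budget -= self.high.popleft().length
        low_budget = min(budget, self.low_cap)  # strict cap even when the link is idle
        while self.low and self.low[0].length <= low_budget:
            sent_low += self.low[0].length
            low_budget -= self.low.popleft().length
        return sent_high, sent_low

def process(packets, qos):
    """Scan, verify, reassemble and classify; returns (packet, reason) for each drop."""
    ranges, states, dropped = {}, {}, []
    for pkt in packets:
        reason = verify_contents(pkt)
        if reason is None and not fragment_ok(ranges, pkt):
            reason = "overlapping fragment"
        if reason:
            dropped.append((pkt, reason))
        else:
            qos.enqueue(pkt, flow_validated(states, pkt))
    return dropped

def demo():
    """Constructed traffic: one handshaken flow, a UDP flood, a teardrop pair, bad flags."""
    qos = QosProcessor(link_bytes_per_tick=3000, low_max_fraction=0.2)
    c = ("10.0.0.5", "10.0.0.1", "tcp", 40000, 80)
    good = [Packet(*c, b"", tcp_flags="S"), Packet(*c, b"", tcp_flags="A")]
    good += [Packet(*c, b"x" * 500, tcp_flags="A") for _ in range(4)]
    flood = [Packet(f"198.51.100.{i}", "10.0.0.1", "udp", 5000 + i, 53, b"y" * 500)
             for i in range(20)]
    f = ("203.0.113.9", "10.0.0.1", "udp", 1, 1, b"z" * 100)
    teardrop = [Packet(*f, ident=7, frag_offset=0), Packet(*f, ident=7, frag_offset=50)]
    bogus = Packet("203.0.113.10", "10.0.0.1", "tcp", 2, 2, b"", tcp_flags="SF")
    dropped = process(good + flood + teardrop + [bogus], qos)
    ticks = [qos.tick() for _ in range(5)]  # low-priority share never exceeds 600 bytes/tick
    return dropped, ticks
```

Running demo() drops the overlapping fragment and the SYN+FIN packet, sends the handshaken flow's 2000 bytes plus 500 bytes of flood in the first tick, and afterwards drains the flood at no more than 600 bytes per tick however idle the link is. That strict cap, rather than plain strict priority, is what keeps unvalidated traffic from monopolising bandwidth while still letting it through when it is benign.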

Claim

... The method of Claim 5 wherein the validated traffic flows are
identified by a state associated with each traffic flow.

7 A method of preventing denial of service attacks on a data
network which includes a plurality of traffic flows each formed by
multiple data packets having header and payload information, the
method using a network device comprising a traffic flow scanning engine
and a quality of service processor having a low priority queue
and higher priority queues,
the method comprising:

scanning the header information using the traffic flow scanning engine;
reordering and reassembling the data packets using the traffic flow
scanning engine; flagging data packets that do not reorder or reassemble
correctly to be dropped;
scanning the payload contents using the traffic flow scanning engine;
determining whether the data packets conform to a set of predetermined
requirements;

flagging data packets that do not conform to be dropped;

checking if the data packets are associated with a validated traffic
flow; and

assigning data packets to a higher priority quality of service
if the data packet is associated with a
validated traffic flow and to a low priority quality of service
if the data packet is not associated with a validated traffic flow.

8 The network device of Claim 7 wherein the set of predetermined
requirements include packet length...

...method of Claim 7 wherein the validated traffic flows are identified by
a state associated with each traffic flow.

12 A network device for preventing denial of service attacks on a
data network which includes a plurality of traffic flows each formed by
multiple data packets having contents including header information and
payload information...
... gb gd ge gh gm hr hu id il in is jp ke kg kp kr kz lc lk lr
lu lv md mg mk mn mw mx no nz pl pt ro ru sd se sg si sk sl tj tm
tr tt ua ug us uz vn yu za zw gh gm ke ls mw sd sl sz ug zw am az by kg
kz md ru tj tm at be ch cy de dk es fx fr gb gr ie it lu mc nl pt se bf
bj cf cg ci cm ga gn gw ml mr ne sn td tg

Publication Language: English
Fulltext Word Count: 20504

Fulltext Availability:
Detailed Description

Detailed Description

... which communicate peer-to-peer over the wireless
radio link. WFMP actually provides the convergence layer functionality. The
Router WFMP detects flows, allocates RAN IDs and informs mobile terminal
WFMP of the assigned ID value. To minimise the overhead the RAN ID may
be compressed into a shorter radio flow...
... scheduling
queues with different service characteristics, which improves the
wireless support for broadband services. The radio sub-system handles
various radio queues i.e. radio QoS classes differently. It may have,
for example, three separate buffering queues for the incoming traffic:
high priority queue for realtime traffic, medium priority queue for
... data and low priority
queue for best-effort data. Two alternative mechanisms may be used for
mapping the QoS requirements of the IP packets into the radio level QoS
functions: direct QoS Mapping or radio flow based QoS mapping of the IP
packets.

Direct QoS Mapping
In the direct . . .

Detailed Description

... does not solve the problem
of data and speech queues affecting the quality of service of
each other and of continuous bit-rate data fast packets under
overload conditions. In HOLP, where speech fast packets are
given a high priority, speech fast packets may affect the
quality of service of lower priority queues.

Movable boundary schemes for multiplexing speech and
data traffic classes of fast packets often have undesirable
delay jitter and underutilize bandwidth allocated to queues
having no traffic.

...producing units 64 and the upward information packets are included in
the valid information packets.
...SPECIFICATION a basic packet frame used in the practice of this
invention, where packet containing header and data is delimited by flags;

Figure 2 shows the valid combination of formatted packet frames
in which a low-priority packet is preempted by a high-priority
packet with subsequent automatic resumption;

Figure 3 shows a combination of packet frames containing a bit error
which causes a transmission abort;

Figure 4 shows... of packets and flags when preempt/resume is not
enabled.

7E ( { 7E ) ( RTP 7E ) ( 7E ) ( NRTP 7E ) )

Under the foregoing rules, the following is a valid combination of
packets and flags when preempt/resume is enabled: where
( ) denotes optional and repeatable fields
{ } denotes required, repeatable fields

• 7E represents the byte-aligned flag (B'01111110', X'7E')

• RTP represents a high-priority packet

• NRTP represents a low-priority packet

• pNRTP represents portions of a preempted low-priority packet

• SP represents a start-preempt flag (B'011111110')

• EP represents an end-preempt flag (B'0111111110')

Figure 1 shows a conventional frame 10 delimited by normal (starting
and ending) 7E flags 10a and containing both a control header 10b field
and a data 10c field.

Figure 2 illustrates in frame sequence 20 a preempt valid
operation in more detail with the case of a low priority packet being
preempted by two consecutive high-priority packets. The first field
20a shows the normal byte-aligned starting flag X'7E'. The second field
20b is an ongoing low-priority packet NRTP1. The third field 20c
shows a start-preempt or SP flag bit by bit. This SP flag interrupts the
low-priority packet and...
...SPECIFICATION a basic packet frame used in the practice of this
invention, where packet containing header and data is delimited by flags;

Figure 2 shows the valid combination of formatted packet frames
in which a low-priority packet is preempted by a high-priority
packet with subsequent automatic resumption;

Figure 3 shows a combination of packet frames containing a bit error
which causes a transmission abort;

Figure 4 shows ... following is a valid combination of packets and
flags when preempt/resume is not enabled. (Formula omitted)

Under the foregoing rules, the following is a valid combination of
packets and flags when preempt/resume is enabled: (see image in
original document)
where

( ) denotes optional and repeatable fields
{ } denotes required, repeatable fields

7E represents the byte-aligned flag (B'01111110', X'7E')
RTP represents a high-priority packet
NRTP represents a low-priority packet

pNRTP represents portions of a preempted low-priority packet
SP represents a start-preempt flag (B'011111110')
EP represents an end-preempt flag (B. . .

...by normal (starting and ending) 7E flags 10a and containing both a
control header 10b field and a data 10c field.

Figure 2 illustrates in frame sequence 20 a preempt valid operation
in more detail with the case of a low priority packet being preempted
by two consecutive high-priority packets. The first field 20a shows
the normal byte-aligned starting flag X'7E'. The second field 20b is an
ongoing low-priority packet NRTP1. The third field 20c shows a
start-preempt or SP flag bit by bit. This SP flag interrupts the
low-priority packet and. . . 
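The preempt/resume legend in the two excerpts above (7E, SP and EP flags told apart by the length of their run of ones) can be exercised with a small bit-level parser. The Python below is an added example written for this report; it is not code from either cited specification. Its assumptions: payload bits are HDLC-style bit-stuffed (a 0 inserted after five consecutive 1s) so that data can never contain a flag pattern, a flag both closes one frame and opens the next, and the grammar is that a low-priority frame interrupted by SP is held, one or more flag-delimited high-priority frames follow, and EP resumes the held frame up to its closing flag. The abort on a bit error (Figure 3) is reduced to raising ValueError, and the bit strings in demo() are constructed.

```python
FLAG = "01111110"    # normal byte-aligned flag, X'7E'
SP = "011111110"     # start-preempt flag
EP = "0111111110"    # end-preempt flag

def stuff(bits):
    """Insert a 0 after five consecutive 1s (assumed HDLC-style stuffing)."""
    out, run = [], 0
    for b in bits:
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            out.append("0")
            run = 0
    return "".join(out)

def unstuff(bits):
    """Inverse of stuff(): drop the 0 that follows every run of five 1s."""
    out, run, skip = [], 0, False
    for b in bits:
        if skip:
            if b != "0":
                raise ValueError("stuffing violation")
            skip = False
            continue
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            skip, run = True, 0
    return "".join(out)

def tokenize(stream):
    """Split a bit stream into FLAG/SP/EP delimiters and unstuffed DATA runs."""
    tokens, data, i = [], [], 0
    while i < len(stream):
        for name, pat in (("EP", EP), ("SP", SP), ("FLAG", FLAG)):
            if stream.startswith(pat, i):
                if data:
                    tokens.append(("DATA", unstuff("".join(data))))
                    data = []
                tokens.append((name, None))
                i += len(pat)
                break
        else:
            data.append(stream[i])
            i += 1
    if data:
        raise ValueError("trailing bits outside a frame")
    return tokens

def parse(stream):
    """Reassemble frames honouring preempt/resume.
    Returns a list of (kind, payload_bits, was_preempted)."""
    frames, cur, held, preempting, resumed = [], None, None, False, False
    for kind, bits in tokenize(stream):
        if kind == "DATA":
            if cur is None:
                raise ValueError("data outside a frame")
            cur.append(bits)
        elif kind == "FLAG":
            if cur:                       # closing flag of a non-empty frame
                frames.append(("RTP" if preempting else "NRTP", "".join(cur), resumed))
                resumed = False
            cur = []                      # every flag also opens the next frame
        elif kind == "SP":
            if preempting or cur is None:
                raise ValueError("SP outside a low-priority frame")
            held, cur, preempting = cur, None, True
        elif kind == "EP":
            if not preempting:
                raise ValueError("EP without SP")
            cur, held, preempting, resumed = held, None, False, True
    if cur or held or preempting:
        raise ValueError("unterminated frame")
    return frames

def demo():
    """Constructed stream: an NRTP frame cut by SP, one RTP frame, EP, then the rest."""
    low, high = "10111111010011", "11111111"   # both contain runs that need stuffing
    stream = (FLAG + stuff(low[:6]) + SP + FLAG + stuff(high) + FLAG
              + EP + stuff(low[6:]) + FLAG)
    return parse(stream)
```

demo() yields the high-priority frame first, then the low-priority frame reassembled from its two portions and marked as having been preempted; tokenize() relies on the three delimiters being distinguishable purely by their run of ones (6, 7 or 8), which is the point of the legend.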
SPECIFICATION 1 and Low-priority async frames onto ISAP.

Detailed Description
Claims

English Abstract

...do not conform to the predetermined requirements (512) may be dropped
(508). The traffic flow scanning engine is further operable to determine
whether the data packets are associated with validated traffic
flows (514). Those data packets associated with validated traffic
flows are assigned to a higher priority (520) while those not
associated with a validated traffic flow are assigned to a low
priority (516), which may occupy no more than a predetermined maximum of
the available bandwidth (518).

Detailed Description

... do not verify may be dropped.

After the contents have been verified, the data packets are checked to
determine if they are associated with a validated traffic flow. If
the data packet is associated with a validated traffic flow it is
assigned to a higher priority quality of service for transmission
back onto the network. If the data packet is not associated with a
validated traffic flow it is assigned to a low priority quality
of service queue, such that data packets in the low priority quality
of service queue can occupy no more than a predetermined maximum of the
available network bandwidth when they are transmitted back onto the

...of service processor uses the conclusion from the traffic flow scanning
engine to place the data packets in the appropriate quality of service
queue. Data packets associated with validated traffic flow are
placed in higher priority queues and transmitted back onto the
network according to the protocol for the particular queue. Data packets
not assigned to a validated traffic flow are placed in a low
priority QoS queue. Data packets in the low priority QoS queue are
transmitted onto the network such that they occupy no more than a
predetermined maximum of available bandwidth, thereby preventing flood
type DoS...



whether the data packets conform to a set of predetermined
requirements;

flagging data packets that do not conform to be dropped;

checking if the data packets are associated with a validated traffic
flow;

assigning data packets to a higher priority quality of service if
the data packet is associated with a validated
traffic flow and to a low priority quality of service if the data
packet is not associated with a validated traffic flow.

8 The network device of Claim 7 wherein the set of predetermined
requirements include packet length, non-overlapping offset fields,
and adherence to protocol...

...a quality of service queue from a plurality of quality of service
queues based on the conclusion from the traffic flow scanning engine,
wherein data packets from non-validated traffic flows are
assigned to a low priority queue and data packets from validated
traffic flow are assigned to a higher priority queue based on its...

13 The network device of Claim 12 wherein the low priority queue is
assigned a
maximum percentage of network bandwidth.

14 The network device of Claim 12 wherein data packets that do not
reorder or reassemble...
Detailed Description

... this example, timestamps have the highest priority are read first. New
packet header information is considered lower priority and CMP packet
data is considered the lowest priority. The timestamps are assigned
the highest priority in the first phase to ensure that the PGR
correction calculation will be completed by the time the resultant data
is to be inserted into the output packet data stream. As explained above,
packets having a valid PGR field are detected and flagged by the
input processor 120.

Because the input processor 120 will report whether or not a given packet
has . . .

Detailed Description

... example, timestamps have the highest priority are read first. New
packet header information is considered lower priority and CMP packet
data is considered the lowest priority. The timestamps are assigned
the highest priority in the first phase to ensure that the PGR
correction calculation will be completed by the time the resultant data
is to be inserted into the output packet data stream. As explained above,
packets having a valid PGR field are detected and flagged by the
input processor 120.

Because the input processor 120 will report whether or not a given packet
has . . .

Detailed Description

... first phase is dictated by the specific data needed to read the packet
and the data's relative priority. In this example, timestamps have the
highest priority are read first. New packet header information is
considered lower priority and CMP packet data is considered the lowest
priority. The timestamps are assigned the highest priority in the
first phase to ensure that the PGR correction calculation will be
completed by the time the resultant data is to be inserted into the
output packet data stream. As explained above, packets having a valid
PGR field are detected and flagged by the input processor 120.

Because the input processor 120 will report whether or not a given packet
has . . .
Detailed Description

... lines per message bus. Arbitration is done in a round-robin fashion
in a centralized arbitration resource located on the system controller
card 108, with high-priority requests given precedence over low
priority requests.

Each message bus includes the following signals.

FR          Frame 604
VALID       Valid bit 612
SOF         Start-of-frame 614
EOF         End of frame 616
DATA[15:0]  Data bus signal 618
FC          Flow Control 620

Messages sent over the message bus 102A...
Detailed Description

... the packets. Those packets that have been checked are, according to
this alternate embodiment, distinguished with an asserted predetermined
flag 515 and are treated as high priority packets.

Additionally, if firewall 200g at an entry point of the trust domain 150
cannot keep up with the incoming traffic, the interior trusted switches
200h need not verify any unverified packets, but rather may choose to
treat those packets as low priority. That is, those packets that
are verified are placed on high priority queues (H 218 of Fig. 2)
within a switch 200 and the unverified packets are placed on low
priority queues (L 214). The low priority packets are then prone to
"dropping" (discarding) if the trusted region exceeds a certain bandwidth
utilization. Thus even though there is not enough CPU capacity...
ABSTRACT

PROBLEM TO BE SOLVED: To prevent attacks made by attacking packets.

SOLUTION: This is an infiltration-detecting and infiltration-preventing
device for detecting the infiltration of attacking IP packets and
preventing the attack. In addition, there are provided a firewall
function means which refers to a fixed rule representing the relation
between the header information of preliminarily fixed IP packets, based
on the header information of the IP packets received and the attack,
and passes non-attacking IP packets, while blocking the attacking IP
packets; and a filter-type IDS function means which passes the non-
attacking IP packets, while blocking the attacking IP packets based on
the payload information of the IP packets which pass the firewall function
means. The filter-type IDS function part 13, different from conventional
interception-type IDS, can instantly block the attacking IP packets.
ABSTRACT

PROBLEM TO BE SOLVED: To provide an intrusion detection device capable
of detecting an unauthorized access intrusion such as DDoS (distributed
denial of service) attack automatically with high accuracy.

SOLUTION: An intrusion detection unit of a router acquires from a
communication route a packet which reaches at the router, and generates a
structure corresponding to each session based on network layer data and
transport layer data described in the header of the packet. This structure
is discarded when the session is terminated normally. The intrusion
detection unit inspects the total number n of structures for each
prescribed period. If there is any structure with a prescribed threshold
nth or more as a result of the inspection, the unit detects it as the
unauthorized access intrusion occurrence. Since a structure is generated
for each session and the presence/absence of the unauthorized access
intrusion is detected, based on the number of the generated structures,
the attack, which establishes a large volume of different sessions, is
detected automatically with high accuracy.
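The abstract above detects a session-flooding attack by counting per-session structures against a threshold once per period. The Python below is an added model of that counter written for this report, not code from the cited application. Assumptions: a structure is created on a client SYN and keyed by the network- and transport-layer header fields, "terminated normally" is modelled as a FIN or RST on the same session, the live count is compared with n_th at each period boundary, and the trace in demo() is constructed.

```python
from collections import defaultdict

class SessionMonitor:
    """One structure per live session; the count is inspected once per period."""

    def __init__(self, n_th, period):
        self.n_th, self.period = n_th, period
        self.sessions = {}        # (src, dst, sport, dport) -> time the structure was created
        self.findings = []        # (period_index, n, detected)
        self.next_boundary = period

    def _inspect(self, period_index):
        n = len(self.sessions)
        self.findings.append((period_index, n, n >= self.n_th))

    def observe(self, ts, src, dst, sport, dport, flags):
        """flags: TCP flag letters. A client SYN creates the structure; FIN or RST
        discards it (assumed model of normal termination)."""
        while ts >= self.next_boundary:                 # close out every elapsed period
            self._inspect(self.next_boundary // self.period - 1)
            self.next_boundary += self.period
        key = (src, dst, sport, dport)
        if "S" in flags and "A" not in flags:
            self.sessions.setdefault(key, ts)
        elif "F" in flags or "R" in flags:
            self.sessions.pop(key, None)

    def finish(self):
        """Inspect the final, partial period and return all findings."""
        self._inspect(self.next_boundary // self.period - 1)
        return self.findings

    def top_targets(self, k=1):
        """Destinations the live structures point at; useful once a detection fires."""
        counts = defaultdict(int)
        for (_, dst, _, _) in self.sessions:
            counts[dst] += 1
        return sorted(counts.items(), key=lambda kv: -kv[1])[:k]

def demo():
    """Constructed trace, 10 s periods, n_th = 50: period 0 holds five normal web
    sessions that open and close; period 1 brings 200 sessions from many sources
    that are never terminated, as a distributed flood would."""
    mon = SessionMonitor(n_th=50, period=10)
    for i in range(5):
        ts, src, port = 1.0 + i, f"192.0.2.{i}", 40000 + i
        mon.observe(ts, src, "203.0.113.80", port, 80, "S")
        mon.observe(ts + 0.1, src, "203.0.113.80", port, 80, "A")
        mon.observe(ts + 0.2, src, "203.0.113.80", port, 80, "FA")
    for i in range(200):
        mon.observe(10.0 + i * 0.01, f"198.51.100.{i % 250}", "203.0.113.80",
                    1024 + i, 80, "S")
    return mon.finish(), mon.top_targets()
```

demo() reports period 0 as clean (every structure was discarded on FIN) and period 1 as a detection with 200 live structures, all aimed at one destination. Keying by the full four-tuple is what makes the counter insensitive to legitimate traffic volume: many packets on one session still cost a single structure.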
Abstract (Basic): US 20030236999 A1

NOVELTY - A packet received at a port is forwarded in a privileged
class of service, when the packet source address is affirmatively
determined to be properly associated with the port.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(1) router; and

(2) Internet exchange.

USE - Packet routing control method in Internet for protecting
servers from malicious attacks such as denial of service (DoS)

ADVANTAGE - Improving service performance of Internet server by
preventing DoS congestive attacks. The Internet supporting two
classes of services can be prevented.

DESCRIPTION OF DRAWING(S) - The figure shows the block diagram of
system with Internet exchange router.

Internet exchange router (10)

connections (112,113)

pp: 10 DwgNo 1/4
Abstract (Basic): WO 200384184 A1

NOVELTY - The method involves receiving a request for allocation of
an address for use by a node for communication, which conform to a
protocol, and generating a value in response to the request. The
generated value is combined with information relating to a user of the
node to generate a unique address, and the address is allocated to the
node.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(a) a computer program which, when executed by a processor,
performs the method of configuring a node

(b) a tunnel broker for configuring a node.

USE - Used for facilitating communication between hosts through
network e.g., Internet.

ADVANTAGE - The method prevents denial-of-service attack by
prohibiting the creation of multiple accounts using a single e-mail
address. The method sends an account password to the e-mail address
provided by the user, thereby prevents registration of a false e-mail
address and gaining access to the tunnel broker.

DESCRIPTION OF DRAWING(S) - The drawing shows a schematic diagram
of a tunnel broker system.

Tunnels (1)

Node (2)

Tunnel broker (4)

Internet protocol address (11)

Counter address (13)
Probabilistic packet marking method in network system, involves encoding
traceback information using specific bits located in packet header and
terminating traceback path formation when predetermined number of packets
are received

NOVELTY - The Internet protocol (IP) traceback information is
encoded using b bits located in a packet header, where b=1. The IP
traceback path is formed when packets are received by a destination
system. The traceback path is terminated after receiving pre-determined
number of packets.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(1) apparatus for probabilistic packet marking; and

(2) machine-readable medium storing probabilistic packet marking
program.

USE - For probabilistic packet marking (PPM) in network system such
as packet switching network.

ADVANTAGE - Enables the traceback to occur even when the header
value is one, thereby preventing denial of service (DoS)
attack in packet switched network.

DESCRIPTION OF DRAWING(S) - The figure shows the flow diagram
explaining the probabilistic packet marking process.
NOVELTY - A portion of data received from a remote source (202), is
parsed in an intrusion detection system (404) included in a
firewall device (210) to identify data representing text. The data
representing text is compared to a predetermined list of data
representing text, associated with attacks to mark the data
representing text as hostile, if match is found.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for
gateway system.

USE - For detecting attacks such as information gathering
attacks, web server denial of service attack, file server remote
compromise, SYN flood attack, IP spoofing, ACK storms, network
probes, session hijacking, SNMP attacks, ICMP broadcast flooding,
land attack, ARP attacks, ghost routing attacks, sequence
number predict, buffer overflows, mail exploits, authentication race
attacks, fat ping attack, malformed packet attacks, forged source
address packets, packet fragmentation attacks, log overflow attacks,
log manipulation, source routed packets, DNS cache corruption, mail
spamming, DNS denial of service, FTP bounce or port call attack,
ICMP protocol tunneling, VPN key generation attacks in networks such
as LAN, Internet.

ADVANTAGE - The intrusion detection system efficiently analyzes
all incoming data and identifies threats before hostile data
reaches the switched or segmented network.

DESCRIPTION OF DRAWING(S) - The figure shows the firewall
architecture.

remote source (202)

firewall device (210)
intrusion detection system (404)
Abstract (Basic): JP 2003099339 A

NOVELTY - Based on the header information of the received IP
packet, the setting rule which shows the relationship between the
header information of a predetermined IP packet and an attack is
referred. A filter-type IDS function (13) allows passage of the IP
packet which is not attacked while interrupting the IP packet which
is attacked, based on payload information of the IP packet which
passed.

USE - Used for network security with respect to unauthorized access
and service impossibility attack.

ADVANTAGE - Enables defense of internal network from encroachment
of unsuitable IP packet.

DESCRIPTION OF DRAWING(S) - The figure shows the structure of the
encroachment detection and defense system. (Drawing includes
non-English language text)
IDS function (13)
Web site protection apparatus from distributed denial-of-services attack
uses server profile enforcement to stop packets not conforming to
characteristics of destination and server
Patent Assignee: LUCENT TECHNOLOGIES INC (LUCE); BRUSTOLONI J A (BRUS-I)

NOVELTY - An Internet service provider (101) has an access gateway
(103) incorporating a server profile enforcement unit (102), while
plural clients (104) are connected over access links to the gateway and
then through the Internet (105) to Internet service providers
(106,111). The server profile enforcement unit monitors packets
arriving from the clients and drops packets not conforming to the
profiles of the destination, such as which protocols are allowed by the
server and destination.

DETAILED DESCRIPTION - AN INDEPENDENT CLAIM is included for a web
site protection method from denial-of-service attack.

USE - Protecting Internet servers from malicious denial-of-
service attacks.

DESCRIPTION OF DRAWING(S) - The drawing shows the system
Internet service providers (101,106,111)

Server profile enforcement unit (102)
Gateway (103)

Clients (104)
Optical signal multicasting method in WDM network, involves transmitting
each split version of optical signal over link that is selected based on
multicast information in header

NOVELTY - An optical signal is split optically into two split
versions of the optical signal at a node. Each split version of the
optical signal is transmitted over a link that is selected based on
multicast information in header, with reference to local routes.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the
following:

(1) Data payload multicasting method;

(2) Header multicasting method;

(3) Optical signal multicasting system;

(4) Optical header module; and

(5) Optical header processor.

USE - For multicasting optical signal through optical WDM network.

ADVANTAGE - Increases network survivability and bolsters
information integrity, while mitigating the effects of eavesdropping,
misdirection and denial of service attacks.

DESCRIPTION OF DRAWING(S) - The figure shows a network element for
multicasting optical signal.
Abstract (Basic): WO 200221771 A1

NOVELTY - A monitor (33) monitors network traffic through the
gateway (26). A communication unit communicates statistics collected in
the gateway from the monitor with a control center for receiving
queries or instructions. A filter (35) filters out the packets.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(a) Victim site protection method;

(b) Computer program product storing victim site protection program

USE - Gateway device for thwarting denial of service attacks
in computer network.

ADVANTAGE - Information exchange between gateways/data collectors
and control center is efficient by transferring the statistical data or
minimal header information and by compressing all data. By constantly
sending more synchronous packets, an attacker can effectively prevent
server from serving any legitimate connection request. Protects the
link between wider internet and the attacked data center as well as
devices within the data center.

DESCRIPTION OF DRAWING(S) - The figure shows the block diagram
depicting details of placement of gateway.

Gateway (26)

Monitor (33)

Filter (35)
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Abstract (Basic): EP 1154610 A2 

NOVELTY - The method listens for reception of SYN message sent from 
client unit after server TCP activation and when received, computing a 
sequence number receiver side (ISR) and responding with a SYN-ACK 
message including the ISR. Listening is then resumed. The ISR is 
computed by linking a randomly generated key with a TCP connection ID 
that includes client and server sockets. 

DETAILED DESCRIPTION - After the ISR computation is executed, the 
computation is hashed to obtain a server signature, which is linked 
with a category index referring to a set of predetermined TCP 
connection categories. 

INDEPENDENT CLAIMS are included for: 

(1) a system for defeating TCP SYN flooding attacks , 

(2) a computer program. 

USE - Method is for preventing denial-of-service attacks (SYN flooding) on Web sites.

ADVANTAGE - Method allows validation of TCP target requests and does not require the allocation of any resources in the target device.

DESCRIPTION OF DRAWING (S) - The figure shows how the standard FSM (finite state machine) is changed.
Abstract (Basic): WO 200067460 A1

NOVELTY - The data defining sub-periods, which divide a base time period, is received. A profile of recent behavior of each sub-period is created. The received event data packet is allocated to the corresponding sub-period, according to the time indication associated with the packet.

DETAILED DESCRIPTION - The historical profile of each sub-period is updated at the end of the base time period and the recent profile is reset.

INDEPENDENT CLAIMS are also included for the following:

(a) method of performing anomaly detection in event data packet stream;

(b) method of account fraud detection;

(c) method of network intrusion detection;

(d) packet flow profiling system;

(e) anomaly detection system;

(f) account fraud detection system;

(g) network intrusion detection system;

(h) program product.

USE - For telephony fraud detection using call detail records, 
anomaly detection on data streams, network intrusion detection 
using audit log data or IP packet data and for rapid detection of 
behavioral changes. 

ADVANTAGE - The polls of event data can be of any size, allowing the profiles produced by the system to maintain their integrity. Polls of data for very small periods can be handled easily. The system is suitable for real time and bulk batch feeds of poll data. There is no burden on the end user to divide event data into fixed size chunks. The profiles represent the behavior of the user accurately.

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of 
behavioral pattern recognition system. 

pp: 26 DwgNo 2/2

Title Terms: EVENT; DATA; PACKET; FLOW; PROFILE; TELEPHONE; FRAUD; DETECT; ALLOCATE; RECEIVE; EVENT; DATA; PACKET; CORRESPOND; SUB; PERIOD; ACCORD; TIME; INDICATE; PACKET
Derwent Class: T01; W01

International Patent Class (Main): H04M-015/00
International Patent Class (Additional): G06F-001/00
File Segment: EPI



19/5/13 (Item 11 from file: 350)

File 350:Derwent WPIX
(c) 2004 Thomson Derwent. All rts. reserv.

*Image available*

WPI Acc No: 2000-558547/200051

XRPX Acc No: N00-413308

Provisioning user's broadband telephony interface in broadband telephony network, involves encrypting and transmitting cryptographic key
Abstract (Basic): WO 200052905 A2

NOVELTY - The method begins by receiving the information authenticating a provisioning server (140). A communication channel between a user and the provisioning server is then established for transmitting the authorization information from the user to the provisioning server. A cryptographic key, associated with the user, is then encrypted and transmitted to the provisioning server.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
the broadband telephony interface. 

USE - Used in a broadband telephony network or with other 
packet-switched architectures or hybrid network architecture. 

ADVANTAGE - Prevents service theft since protections are maintained to limit service to authorized subject to proper accounting. Protects privacy and integrity of signaling and media traffic. Protects integrity of called number to prevent a range of attacks on service, including one in which an attacker tries to steal business from a competitor by misrouting calls. Abides by government wire tap laws e.g. Communications Assistance for Law Enforcement Act of 1994. Discourages denial of service attacks. Provides correct functionality of conventional telephony features. Provides administrative levels of privilege to the system.

DESCRIPTION OF DRAWING (S) - The figure shows a broadband communication network using the broadband telephony interface provisioning method.

Provisioning server (140)
Abstract (Basic): WO 9955052 A1

NOVELTY - A packet (300) including a header (302) is received by a router. The router determines the existence of a signature (310) in the header. The validity of the signature is determined using a public key and the packet is forwarded in accordance with the validity of the signature.

DETAILED DESCRIPTION - The sender of the packet uses a private key obtained from the owner to generate the signature. The signature is created by encrypting a fingerprint which corresponds to the data (304) in the packet. The fingerprint is decrypted using the public key of the sender and the decrypted fingerprint is compared with the fingerprint in the packet to check the validity of the signature. The packet is discarded if it has an invalid signature. INDEPENDENT CLAIMS are also included for the following:

(a) packet filtering apparatus; 

(b) packet sending apparatus; 

(c) packet sending method; 

(d) computer program product 

USE - For filtering packets in networks. 

ADVANTAGE - Avoids wasting router bandwidth and resources on processing packets associated with unauthorized senders. The router filters packets in accordance with a predetermined rate limit; such a predetermined rate limit is useful in preventing denial of service attacks in which an unauthorized sender sends numerous unauthorized packets to the router.
ABSTRACT

PROBLEM TO BE SOLVED: To limit the transmission band of offensive traffic of a distributed denial of service (DDoS) attack while securing communication traffic for regular users.

SOLUTION: When the suspicious offensive packet of the DDoS attack is detected, a gate device 2001 transmits the suspicious signature and the regular condition of the suspicious offensive packet to upstream communication devices 2002 and 2003. Each of the communication devices 2002 and 2003 cancels the transmission band limitation of the packet identified from the regular condition and a regular signature created based upon the suspicious signature, while limiting the transmission band of the packet identified from the suspicious signature. Further, each of the communication devices 2002 and 2003 transmits the suspicious signature and the regular condition to further upstream communication devices to report the suspicious signature and the regular condition to the upper-most stream communication device in a recursive manner, and each communication device further limits the band by detecting the offensive packet from the suspicious offensive packets while implementing the band limitation of the suspicious offensive packet.
ABSTRACT

PROBLEM TO BE SOLVED: To provide a device and method for preventing a denial of service attack that can protect itself against the denial of service attack independently of whether or not a sender address is arrogated, and to provide a computer program.

SOLUTION: A mobile packet filtering program of this invention installed in a router 102 generates a copy of its own program and moves the copy to routers 106, 107, 109, 110. The mobile packet filtering program in each router does not pass any traffic sent from hosts 113, 114, etc. of distribution type DoS (Denial of Service) attackers to the target 101. When the attack is finished, the mobile packet filtering program deletes itself.
Network system tracks sending station of attack packet, when each router detects specific bit pattern and corresponding attack packet
Abstract (Basic): JP 2003333092 A

NOVELTY - The network system has several routers (11-15, 21-23) that require monitoring of a packet with respect to all adjacent routers. The system tracks the sending station of an attack packet, when each router detects a specific bit pattern and a corresponding attack packet.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the following:

(1) attack packet tracking method; and

(2) attack packet defense method.

USE - Network system.

ADVANTAGE - The attack origin is specified, even when irregular traffic by denial of service (DOS) attack is generated. The consumption of network resource by irregular traffic is reduced.

DESCRIPTION OF DRAWING (S) - The figure shows a schematic view of 
the network system. 

edge router (11-15) 

core router (21-23) 

host (31) 
Server protection system for Internet, detects source address of client terminal from which denial of service attack is received, retracts corresponding router and discards packet from terminal

Priority Applications (No Type Date): JP 200297051 A 20020329
Patent Details:
Abstract (Basic): JP 2003298628 A

NOVELTY - A server (11) processes service requests received from client terminals (13a-13d) through routers (12a-12f). When the server receives a denial of service attack along with a service request, the source address of the client terminal is detected. The router through which the service request is transmitted is retracted from the detected address, and the packet transmitted from the terminal corresponding to the address is discarded.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the following:

(1) server; and

(2) router.

USE - For protecting server connected to Internet.

ADVANTAGE - Prevents unauthorized access to server by using false address.

DESCRIPTION OF DRAWING (S) - The figure shows the structure of 
server protection system. (Drawing includes non-English language text). 

server protection system (10) 

server (11) 

routers (12a-12f) 

client terminals (13a-13d) 

authentication server (14) 
Monitoring device for thwarting denial of service attacks on data center, collects statistical information on packets sent between network and data center, by assuming that monitoring device is provided on downstream links
Number of Countries: 001 Number of Patents: 001
Abstract (Basic): US 20030145233 A1

NOVELTY - The monitoring device, such as a data collector (28) and a gateway (26), collects statistical information on packets sent between the network and a data center (20), by assuming that the gateway is provided on downstream links, to examine traffic between a network and the data center.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the following:

(1) method of thwarting denial of service attacks on victim 
data center; and 

(2) arrangement for thwarting denial of service attacks on 
victim data center. 

USE - For thwarting denial of service attacks on computer 
system in data center. 

ADVANTAGE - Provides monitoring capabilities for hosted customers equivalent to placing physical monitors on customer's individual access links.

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of the computer network.

victim data center (12) 
data centers (20a-20c)
control center (24) 
gateway (26) 
data collector (28) 
Abstract (Basic): US 20030145232 A1

NOVELTY - The method involves indicating an attack on a victim site, if the network parameter values (0 and 1) exceed the normal values. A histogram is built for the parameters to compute outliers in the parameter and classify the attack. The network packets are filtered based on the characteristics of the attack.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the following:

(1) method for thwarting denial of service attacks on data center;

(2) monitoring device for thwarting denial of service attacks on a data center;

(3) computer program product for network traffic monitoring method;

(4) method of protecting victim site during denial of service attack; and

(5) method to reduce blocking of legitimate traffic in process to protect victim site during denial of service attack.

USE - For monitoring traffic in transmission control protocol (TCP) 
network, user datagram protocol (UDP) , and Internet control message 
protocol (ICMP) networks. 

ADVANTAGE - Determines and detects network packets that are portion of denial of service attack and protects links between the Internet and attacked data center.

DESCRIPTION OF DRAWING (S) - The figure shows the flowchart explaining the network traffic monitoring process.
Abstract (Basic): US 20030084317 A1

NOVELTY - The firewalls include hardware and software for providing 
non-redundant connection (46) between networks (18,22) and for 
controlling packet transmission between networks. The data packets 
(38) received at the firewall are classified based on consumption of 
resources and the packet transmission rate is limited to a maximum 
acceptable transmission rate (62) associated with each class (66) of 
received data packet.

USE - For managing traffic between networks such as local area networks.

ADVANTAGE - By using the non-redundant network connection, the effects of packet flooding and other over-usage type distributed denial of service attacks emanating from inside the local area network are minimized. Permits the use of insecure public networks in constructing a wide area network (WAN) that includes both private and public network segments. Maximizes the utilization of data packet handling resource within local area network (LAN).

DESCRIPTION OF DRAWING (S) - The figure shows a schematic view of 
the packet transmission control system. 

traffic (14) 

networks (18,22) 

computers (26) 

communication lines (34)

data packets (38) 

firewall (42) 

non-redundant connection (46) 

maximum acceptable transmission rate (62) 

class of data packet (66) 
General packet radio service tunneling protocol packet filtration method involves dropping data packets that do not meet filtering criteria, from signaling messages
Abstract (Basic): US 20030081607 A1

NOVELTY - The general packet radio service (GPRS) tunneling protocol (GTP) signaling messages such as GTP path management, GTP tunnel management, GTP mobility management and GTP location management messages are analyzed against many filtering criteria. The data packets that do not meet the filtering criteria are dropped while passing the data packets that meet the criteria.

USE - For filtering internet protocol (IP) packets in general packet radio service (GPRS) tunneling protocol (GTP) signaling messages that are transmitted between GPRS service nodes (GSNs) in a GPRS network.

ADVANTAGE - The filtration of IP packets limits the effects of denial of service (DOS) attacks, malicious attacks, session and tunnel hijacking and bandwidth soaked attacks on the GTP messages.

DESCRIPTION OF DRAWING (S) - The figure shows the flowchart illustrating the GTP packet filtration process.
Method for recognizing and refusing denial attacks involves keeping network connection after receiving acknowledgement signal and forwarding data packet after confirming validity of IP connection

Patent Assignee: GEIS C (GEIS-I); PAUSCH E (PAUS-I); SOYSAL T (SOYS-I) 

Inventor: GEIS C; PAUSCH E; SOYSAL T 

Number of Countries: 001 Number of Patents: 001

Patent No Kind Date Applicat No Kind Date Week

US 20030065943 A1 20030403 US 2001966019 A 20010928 200339 B

Priority Applications (No Type Date): US 2001966019 A 20010928
Patent Details:

Patent No Kind Lan Pg Main IPC Filing Notes
US 20030065943 A1 20 G06F-011/30

Abstract (Basic) : US 20030065943 Al 

NOVELTY - The method involves checking the validity of the 
registered IP (Internet protocol) connection request and the registered 
data packet . The network connection is kept upon receiving a periodic 
acknowledgement signal and data packet is forwarded to a target 
system after receiving confirmation of the validity of IP connection 
request . 

DETAILED DESCRIPTION - A computer program run in an electronic intermediary device for implementing a defense against the DoS (denial of service) and DDoS (distributed denial of service) attacks for each IP connection request.

USE - For recognizing and refusing denial of service or 
distributed denial of service attacks on server systems. 

ADVANTAGE - Provides defense against DoS and DDoS attacks on 
server systems of network system providers, thus computer system is 
kept stable and efficient over long period. 

DESCRIPTION OF DRAWING (S) - The figure is the schematic description of a computer system connected to the Internet.

System for interrupting denial of service attack and method therefor

Patent Assignee: KT CORP (KTKT-N)
Number of Countries: 001 Number of Patents: 001
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week

KR 2003009887 A 20030205 KR 200144551 A 20010724 200338 B 

Priority Applications (No Type Date): KR 200144551 A 20010724 
Patent Details:

Patent No Kind Lan Pg Main IPC Filing Notes 
KR 2003009887 A 1 H04L-012/22 

Abstract (Basic): KR 2003009887 A 

NOVELTY - A system for interrupting DoS (Denial of Service) attack and a method therefor are provided to fundamentally interrupt the DoS attack by efficiently coping with the DoS attack through analysis of traffic volume related to a destination address.

DETAILED DESCRIPTION - A host connecting terminal analyzes the bandwidth by analyzing a protocol of packets. The host connecting terminal compares a bandwidth assigned to the corresponding protocol with the current bandwidth. If the current bandwidth of the host connecting terminal is smaller than the assigned bandwidth, the corresponding packet is transmitted to a destination. If the current bandwidth of the host connecting terminal is larger than the assigned bandwidth, the corresponding packet is abandoned.
NOVELTY - A burst load is applied to each of the selected network elements
such as links, routers. The changes in the received packet rate, are 
measured for the selected network elements, in response to the 
application of the burst load. A potential source of the packet 
sequence is determined, based on the measured changes. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for 
packets sequence tracing apparatus. 

USE - For tracing sequence of packets transmitted through communication networks such as Internet, intranet, LAN, etc.

ADVANTAGE - By the application of burst load to various network elements, the source host of denial of service (DoS) attack to the target host is determined easily, if the rate is altered upon introduction of the burst load, without co-operation from ISPs along the path.

DESCRIPTION OF DRAWING (S) - The figure shows a flowchart explaining the packets tracing process.
Protection against spoofed message DoS attacks for Internet, comprising when receiving DNS request from source IP address for domain name data, intercepting it before delivery and submitting to destination depending
Abstract (Basic): WO 200325697 A2

NOVELTY - A method for authenticating communication traffic, comprising: receiving a first DNS request comprising data packets, sent over a network from a source Internet Protocol (IP) address, to provide network information regarding a given domain name, where receiving the first request comprises intercepting the first request prior to its delivery to a destination IP address, and comprising submitting it to the destination address responsively to the assessed authenticity of the first request, where the information comprises a network IP address associated with the domain name.

DETAILED DESCRIPTION - The method for authenticating communication traffic, also comprising: sending a DNS response to the source address in reply to the first DNS request, the DNS response comprising encoding information in the response, where encoding the information comprises encoding the information in an artificial domain name, and where receiving the second DNS request comprising data packets and receiving a query for the network information corresponding to the artificial domain name, and where assessing the authenticity comprises checking the second DNS request for the encoded information; receiving a second DNS request from the source IP address in reply to the DNS response; and assessing authenticity of the first DNS request based on the second DNS request which comprises discarding the first request if it is not assessed to be authentic; if the first request is assessed to be authentic, sending a further DNS response to the source IP address containing the network information corresponding to the domain name. Assessing the authenticity also comprises making a record of the source address as an authentic IP address, and where submitting the first request comprises verifying the source address based on the record, and allowing the network information to be furnished to the verified source IP address.

INDEPENDENT CLAIMS are also included for the following:

(1) An apparatus for authenticating communication traffic.

(2) A computer program.

USE - Protection against spoofed message denial-of-service attacks in computer networks, where an attacker bombards a victim network or server with a large volume of message traffic with the aim of causing a traffic overload that consumes the victim's available network bandwidth, CPU capacity, or other critical system resources, and eventually brings the victim's network to a situation in which it is unable to serve its legitimate clients.

ADVANTAGE - Provides detection of spoofed packets (packets containing a bogus IP source address, making it difficult for the victim network to defend itself against attack) and particularly for distinguishing between spoofed and authentic Domain Name System (DNS) requests.

DESCRIPTION OF DRAWING (S) - The drawing shows a block diagram that schematically illustrates a network system configured for protection against Denial-of-Service (DoS) attacks.
Electronic commerce site protection apparatus from distributed denial-of-service attacks by designating favored clients as very important persons to receive privileged class of service
NOVELTY - An Internet service provider (101) supporting two classes
of service incorporates VIP gateways (102-104) and plural clients (105) 
are connected over access links to the gateways. Packets are 
transmitted in both directions and a regular client becomes a selected
client when the E-merchant (118) grants a VIP right according to 
merchant selected criteria and then receives a privileged class of 
service until revoked by the merchant. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for a method of protecting electronic commerce sites from denial-of-service attacks.

USE - Protecting services on the Internet from malicious attacks . 

ADVANTAGE - Limiting loss from congestion. 

DESCRIPTION OF DRAWING (S) - The drawing shows the system.

Service provider (101)

Gateways (102-104)

Clients (105) 

E-merchant (118) 
Abstract (Basic): WO 20031940^ A1

NOVELTY - The method involves receiving a data packet sent over a network from a source address to a destination address. A value of a field is read from the packet that is indicative of a number of hops traversed by the packet since having been sent from the source address. Authenticity of the source address is assessed responsive to the value. Assessing the authenticity involves comparing the value of the field to a reference value associated with the source address.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following : 

(a) an apparatus for authenticating packet communication traffic; 

(b) a computer software product.

USE - For computer networks.

ADVANTAGE - Protects against denial of service attacks in computer networks.

DESCRIPTION OF DRAWING (S) - The figure shows a computer network system.
Policy management system for networks e.g. internet, determines network policy for each data packet based on corresponding classification identifier to direct data packet according to treatment specified in policy
Abstract (Basic): US 20020143948 A1

NOVELTY - A processing engine associates each data packet 
received by a network interface with corresponding class identifier. 
The processing engine retrieves from a database a programmable network 
policy corresponding to the class identifier and directs the data 
packet through the network according to a treatment specified in the 
network policy. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for network 
processing system and management interface. 

USE - For performing policy management for networks such as 
internet providing services such as e-mail, e-commerce, voice over IP 
(VoIP) and web-browsing. 

ADVANTAGE - By determining the proper treatment for each data 
packet , the network identifies and filters out security problems such 
as e-mail worms, viruses, denial of service (DoS) attacks and 
illegal hacking. The intelligent network also enables hosting companies 
and service providers to regulate the bandwidth amount allotted to 
customers and charge precisely for bandwidth and security features. 

DESCRIPTION OF DRAWING (S) - The figure shows the configuration of image builder used in network processing system.
US 20020166063 A1 H04L-009/00 Provisional application US 2001272712

Abstract (Basic): WO 200271227 A1

NOVELTY - Method consists in passively collecting a data packet from data received by the host network comprising information indicating the attack, comparing its information with a signature of an attack type and detecting the attack. A pathway is provided for an offensive counter measure against the source of the attack.

DETAILED DESCRIPTION - There is an INDEPENDENT CLAIM for a computer program for protecting a host network against a flood-type denial of service attack.

USE - Method is for preventing network flood interruptions without 
disrupting normal network operations. 

DESCRIPTION OF DRAWING (S) - The figure shows a flow chart of the 
method for detecting and countering a network attack . 
Abstract (Basic): JP 2002158699 A

NOVELTY - A safety identifier of specific type is added to the communication packet depending on the degree of safety confirmation with respect to the communication packet. The priority is controlled based on the safety identifier, by providing a delivery ward on the path of the communication packet.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the 
following : 

(1) Service refusal attack prevention apparatus; 

(2) Service refusal attack prevention system; and

(3) Recorded medium storing service refusal attack prevention program.

USE - For preventing service refusal attack or denial of 
service (DoS) attack for packet communication through internet. 

ADVANTAGE - Provides countermeasure for an address indeterminate from DOS attack.

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of attack prevention apparatus. (Drawing includes non-English language text).
Denial-of-service attacks protection system for communication network, determines whether each of packets intended for victim device is related to DoS attack
Abstract (Basic): WO 200225402 A2

NOVELTY - A service provider (116) receives a signal indicating detection of a denial-of-service (DoS) attack and packets intended for a victim device. A triage device (140) receives the packets to determine whether each of the packets is related to the DoS attack, and forwards the packets that are unrelated to the DoS attack to the victim device.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following : 

(a) Denial-of-service attacks protection method;

(b) Denial-of-service attacks protecting device;

(c) Computer readable medium storing denial-of-service attacks protection program;

(d) Attack detection sensor.

USE - For protecting communication networks and devices from denial-of-service (DoS) attacks.

ADVANTAGE - The triage device diverts the brunt of the attack from the targets, thereby allowing the targets to continue their operation during a DoS attack. Even DoS attacks that can overwhelm the access link capacity of the target can be handled by the triage device, since the service provider can provide very high capacity access links for this service. The network devices can be configured to automatically detect the DoS attacks and trigger the invocation of the triage device, and attacked hosts can request the invocation of the triage device through any available communication channels.

DESCRIPTION OF DRAWING (S) - The figure shows an explanatory view of the network in which the DoS attack protection system is implemented.

Service provider (116) 

Triage device (140) 
Abstract (Basic): WO 200221800 A1

NOVELTY - A collector (20) receives data statistics from the computer network and generates a signal representing data packet flow anomalies. A controller (24) responds to the generated signals by tracking attributes related to the data packet flow anomalies and blocks specific data packet flow anomalies using a filtering mechanism.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
denial of service attacks detection, tracking and blocking method. 

USE - For detecting, tracking and blocking denial of service 
(DoS) in local and remote computer network such as internet. 

ADVANTAGE - Avoids or shuts down the DoS attack effectively by 
blocking data packet flow anomalies . 

DESCRIPTION OF DRAWING (S) - The figure shows a partially exploded 
view of a computer network. 

Collector (20) 

Controller (24) 
Data collector for thwarting denial of service attack in internet, has sampling device to sample packet traffic, accumulate and collect statistical information about network flow
Abstract (Basic): WO 200221302 A1

NOVELTY - A computing device samples packet traffic, accumulates 
and collects statistical information about a network flow. The data 
collectors (28) over a redundant network (30) are linked by a port to 
a central control center. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following: 

(a) Data collection method; 

(b) Computer program product 

USE - For thwarting denial of service attacks on the internet. 

ADVANTAGE - The redundant network is not accessible to the 
attacker. Data collectors are positioned at network switching points, 
thus the required number of deployed data collectors is minimized. 

DESCRIPTION OF DRAWING (S) - The figure shows a block diagram of 
placement of the data collectors. 

Data collectors (28) 

Redundant network (30) 
Victim site protecting method in computer network, involves sending 
queries to data collectors requesting information to determine source of 
suspicious network traffic sent to victim 

NOVELTY - Queries are sent to data collectors (28) requesting 
information to determine the source of suspicious network traffic, 
indicated by packets with faked, random source addresses that change 
with time, based on victim destination address. A gateway (26) 
associated with the victim data center is instructed to block malicious 
traffic when the attacker is behind the gateway. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
denial of service attack thwart system. 

USE - In computer networks like internet. 

ADVANTAGE - By providing a distributed solution to thwarting 
denial of service attacks, the attacks are stopped near their 
source, protecting the links between the wider internet and the 
attacked data center as well as devices within the data center. The 
availability of information from data collectors increases the speed 
with which the attackers are discovered. 

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of 
networked computers. 

Gateway (26) 

Data collectors (28) 
NOVELTY - A protection module decomposes packets when a detected 
distributed service denial is judged. The addresses of a communication 
device close to the attack sources are identified and are transmitted 
to the device by a transmitter. The address of the device to be chosen at 
the upstream defense position is extracted and accordingly a 
protection module is transmitted. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the 
following: 

(a) Communication system; 

(b) Denial of service attack protection method; 

(c) Recorded medium storing program for defending against 
distributed denial of service attacks 

USE - For managing distributed denial of service attacks in a 
network, e.g. LAN, internet. 

ADVANTAGE - Minimizes the effect of the attack packets to a 
locality near the attack source and inhibits the harmful effects on 
the network, thereby communication security is enhanced. Enables 
countering service attacks regardless of legitimacy of the source 
addresses. 

DESCRIPTION OF DRAWING (S) - The figure shows a flowchart 
illustrating the procedure for the mobile packet filtering process. 
Abstract (Basic): US 20020032871 A1 

NOVELTY - A collector (20) receives and processes the data 
statistics from the computer network to detect data packet flow 
anomalies and generates a signal representing the data packet flow 
anomalies. A controller (24) responds to the signal and tracks the 
attributes related to the anomalies to the source and blocks the 
anomalies. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
denial of service (DoS) attacks detection, tracking and blocking 
method. 

USE - For detecting, tracking and blocking denial of service 
attacks over local or remote computer networks. 

ADVANTAGE - The filtering system allows critical communication 
services between computer systems that deteriorate inter and intra 
computer system communications. The characteristics related to denial 
of service attacks are practical for network engineers and 
operators to accomplish by inspection alone. 

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram 
exemplifying a DoS attack. 

Collector (20) 

Controller (24) 
Abstract (Basic): US 20020032774 A1 

NOVELTY - The network packets with faked source addresses are 
received and information indicating that the victim site is under attack 
is received. Queries are sent to data collectors to request 
information for determining the source of suspicious network traffic 
sent to the victim site. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
system to thwart denial of service attacks on a victim site. 

USE - To protect a victim site such as a web site or other network 
site against denial of service (DoS) attack in Internet 
applications. 

ADVANTAGE - Availability of information from data collector 
increases the speed with which attackers are discovered and controls 
router's behavior when implemented on computer system. 

DESCRIPTION OF DRAWING (S) - The figure shows an explanatory view of 
the technique to gather statistics for use in algorithms that determine 
sources of attack. 
Abstract (Basic): WO 200230063 A1 

NOVELTY - The rate of packet discard is determined based on the 
offered load constituted by the received packets. The data packets 
are discarded based on an instantaneous approximation of the offered 
load. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for a 
controller which controls information flow. 

USE - Used in telecommunication systems. 

ADVANTAGE - If the offered load results in a transported load 
exceeding the upper threshold level, the transported load may be 
reduced below the upper threshold level by selectively discarding 
packets, which helps to avoid burst loss and reduces the arrival rate of 
the stream. The queue memory and packet identifiers ensure that the 
original position in sequence of each individual packet is not lost 
in the multiplexing operation. There can be different characteristics 
defined for various load levels, that is, quality can be upgraded or 
downgraded as the arrival rate increases. Thus, the transport 
characteristics are configured to better match the application 
requirements to avoid the effects of abnormal offered load, e.g. denial 
of service attacks. 

DESCRIPTION OF DRAWING (S) - The figure illustrates the principle of 
defining a transported load in dependence on an offered load in 
information flow control method. 
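The offered-load discard mechanism summarized in this abstract, sketched as added example code (not the patent's own implementation): the controller approximates the offered load instantaneously as the arrivals in one fixed interval, computes the discard rate needed to hold the transported load at the upper threshold, and sheds lower traffic classes first so quality is down-graded in steps as load rises, while packet identifiers preserve each packet's original sequence position. The interval model, threshold value and class names are assumptions.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    ident: int   # packet identifier: the packet's original position in the sequence
    cls: str     # traffic class; lower classes are shed first (assumed labels)


class OfferedLoadController:
    """Holds the transported load at or below `upper` packets per interval.

    The offered load is approximated instantaneously as the number of
    packets that arrived in the current fixed-length interval (an assumed
    model). Discard is selective: as the load level rises, lower classes
    are dropped before higher ones, so quality degrades in steps instead of
    packets being lost at random in bursts.
    """
    CLASS_ORDER = ("bulk", "normal", "critical")   # lowest to highest

    def __init__(self, upper: int):
        if upper <= 0:
            raise ValueError("upper threshold must be positive")
        self.upper = upper

    def discard_rate(self, offered: int) -> float:
        """Fraction of the offered load that must be discarded so that the
        transported load does not exceed the upper threshold."""
        if offered <= self.upper:
            return 0.0
        return 1.0 - self.upper / offered

    def control(self, interval: List[Packet]) -> Tuple[List[Packet], List[Packet]]:
        """Apply selective discard to one interval's arrivals and return
        (transported, discarded). Transported packets keep their relative
        order, and their identifiers make that order recoverable later."""
        excess = len(interval) - self.upper
        if excess <= 0:
            return list(interval), []
        dropped = set()
        for cls in self.CLASS_ORDER:            # shed the lowest class first
            for pkt in interval:
                if len(dropped) == excess:
                    break
                if pkt.cls == cls:
                    dropped.add(pkt.ident)
            if len(dropped) == excess:
                break
        transported = [p for p in interval if p.ident not in dropped]
        discarded = [p for p in interval if p.ident in dropped]
        return transported, discarded


def make_interval(pattern: str) -> List[Packet]:
    """Constructed arrivals: one letter per packet, b=bulk, n=normal, c=critical."""
    names = {"b": "bulk", "n": "normal", "c": "critical"}
    return [Packet(i, names[ch]) for i, ch in enumerate(pattern)]


if __name__ == "__main__":
    ctl = OfferedLoadController(upper=6)
    # Abnormal offered load, e.g. a flood of bulk-class packets: bulk traffic
    # is shed first, so the critical and normal packets still get through.
    flood = make_interval("bbbbbbbbcnbbbbcn")
    kept, dropped = ctl.control(flood)
    print("discard rate %.3f" % ctl.discard_rate(len(flood)))
    print("transported ids:", [p.ident for p in kept])
    print("discarded ids:  ", [p.ident for p in dropped])
```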
Abstract (Basic): WO 200182548 A2 

NOVELTY - A multicast address hopping technique (MAHT) receiver 
(100) is connected through a router (106) to an autonomous system 
(104), formed by connected routers of the Internet, and a MAHT 
transmitter (102) is also connected through a router (108). A chosen 
multicast Internet Protocol (IP) address is selectively varied 
according to a predetermined scheme known to the end stations or by 
randomly hopping between addresses, and communicating packets on the 
chosen IP address. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for a 
system for communicating multicast packets between end stations. 

USE - The method of communicating multicast packets is used for 
protecting Internet sites against denial of service attacks. 

ADVANTAGE - The method prevents unauthorized personnel from knowing 
which address to disrupt or monitor for traffic between end stations. 
Addresses are dropped and added to limit the time for an attacker. 
The unicast data received can be filtered and the rate of communicating 
the multicast packets limited to lessen the consumption of the 
protected site's resources. 

DESCRIPTION OF DRAWING (S) - The figure shows a schematic diagram of 
the general architecture of a system using a multicast hopping 
technique of communicating multicast packets. 

MAHT receiver (100) 

MAHT transmitter (102) 

Autonomous system (104) 

Routers (106, 108) 
Abstract (Basic): WO 200191397 A2 

NOVELTY - A multicast address hopping technique transmitting site 
(600) encapsulates original multicast packets with a spoofed Internet 
protocol source address addressed to the range of tunnel exit hosts 
(608,610,612). Any packet arriving at a tunnel host will be 
de-encapsulated and delivered to receiving sites (614,616,618) with the 
source of the packets selectively varied to conceal the source, while 
code division multiplexing may be employed to allow various individual 
destinations to be mixed in one packet. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for methods 
and systems for transmitting and receiving Internet protocol multicast 
packets. 

USE - Providing enhanced virtual private network capabilities on 
the internet. 

ADVANTAGE - Protecting against traffic analysis attacks. 

DESCRIPTION OF DRAWING (S) - The drawing shows a virtual private 
technique. 

Transmitting site (600) 

Exit hosts (608,610,612) 

Receiving sites (614,616,618) 
Abstract (Basic): WO 200159584 A1 

NOVELTY - Selected data packets are marked with the current 
router's address and any previous address is overwritten. An analysis 
of a large group of attacking packets will enable the node closest 
to the attacker to be determined. 

USE - For tracing anonymous denial of service attacks. 

ADVANTAGE - Attacks can be eliminated at source during an attack. 

DESCRIPTION OF DRAWING (S) - The figure shows a flow chart of the 
traceback process. 
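The marking and analysis this abstract describes, as an added simulation (not the patent's own code): every router on the attack path stamps its address into selected packets, overwriting any earlier stamp, and the victim tallies the stamps over a large group of attack packets. Whether a router stamps a given packet is modelled here as an independent coin flip with an assumed probability; the router addresses and the path are constructed.

```python
import random
from collections import Counter

# Constructed attack path from the attacker's side to the victim: the first
# router is closest to the attacker, the last is the victim's own edge router.
ATTACK_PATH = ["10.0.1.1", "10.0.2.1", "10.0.3.1", "10.0.4.1", "10.0.5.1"]


def forward(path, mark_prob, rng):
    """Pass one packet along `path`. Each router independently decides (with
    probability mark_prob, an assumed model) to stamp its own address into
    the packet's mark field, overwriting whatever an earlier router wrote.
    Returns the mark the victim sees, or None if no router marked it."""
    mark = None
    for router in path:
        if rng.random() < mark_prob:
            mark = router
    return mark


def collect_marks(path, n_packets, mark_prob=0.2, seed=1):
    """Victim side: tally the mark field over a large group of attack packets."""
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(n_packets):
        mark = forward(path, mark_prob, rng)
        if mark is not None:
            counts[mark] += 1
    return counts


def reconstruct_path(counts):
    """Because a later router overwrites an earlier mark, the router nearest
    the victim is seen most often and the router nearest the attacker least
    often, so sorting the tallies by frequency recovers the path. The result
    is returned in attacker-to-victim order to match ATTACK_PATH."""
    victim_first = [router for router, _ in counts.most_common()]
    return list(reversed(victim_first))


def closest_to_attacker(counts):
    """The least frequent mark identifies the node closest to the attacker."""
    return reconstruct_path(counts)[0]


if __name__ == "__main__":
    counts = collect_marks(ATTACK_PATH, n_packets=20000)
    for router, n in counts.most_common():
        print(f"{router:10s} seen {n:6d} times")
    print("reconstructed path:      ", reconstruct_path(counts))
    print("node closest to attacker:", closest_to_attacker(counts))
```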
Abstract (Basic): WO 9948303 A2 

NOVELTY - The incoming data packet from the public network such 
as the internet is analyzed and matched with known patterns associated with 
known forms of attack on the private network. The source of the data 
packet is identified as malicious or non-malicious based upon the 
matching. 

DETAILED DESCRIPTION - One of the known forms of attack is the 
denial of service attack and the associated known pattern is 
unacknowledged data packets. 

USE - For blocking denial of service and address spoofing 
attacks on a private network connected to the internet. 

ADVANTAGE - Facilitates identifying a denial of service attack 
and blocking such an attack from tying up the routing device. Enables the 
routing device to identify an address spoofing attack and to block such 
an attack using a simple technique. Facilitates tracking information 
about the attacker to allow preventive measures to be taken. If an attack 
happens more than once from the same address in the span of a certain 
period of time, then the number of messages can be limited to prevent 
overloading of the E-mail or paging service. Makes use of an optional shutdown 
mechanism to enable the routing device to automatically shut down certain 
services if attacks continue. 

DESCRIPTION OF DRAWING (S) - The figure shows the flowchart 
outlining the steps involved for blocking a denial of service 
attack. 
First Linux-Supporting Firewall to Receive 

FULLTEXT 

TEXT: 

COLUMBUS, Ohio, Oct 25, 1999 (BUSINESS WIRE) 
Progressive Systems, Inc. Achieves Yet Another First 
in the Linux Firewall Market 



Progressive Systems, Inc., a leading provider of network security 
solutions, today announced that its Phoenix Adaptive Firewall has 
received certification from the International Computer Security 
Association ("ICSA"), the foremost independent evaluation and 
certification facility for network security products worldwide. 

The Phoenix is the first ICSA certified firewall to support Caldera, 
Red Hat, TurboLinux, and S.u.S.E. Linux distributions, further assuring 
business customers and value-added resellers (VARs) that Linux is a 
viable platform for enterprise network security. 

"The Phoenix is an enterprise-class security solution for any business 
concerned with the integrity of its network," said Matt Dawson, 
President of Progressive Systems. "The Phoenix extends the extreme 
reliability and high level security of a corporate-grade firewall to 
all levels of the market. With ICSA certification, businesses and VARs 
have yet another validation for choosing and recommending the Phoenix." 

"ICSA.net is pleased to announce that the Phoenix Adaptive Firewall has 
passed ICSA Firewall Certification," said Dr. Peter Tippett, Chief 
Technologist of ICSA.net. "Receiving the certified mark tells business 
customers that this firewall, when properly configured, can support 
standard Internet Protocol business services while withstanding an 
extensive suite of attacks. ICSA.net applauds Progressive Systems, Inc. 
for doing their part to help increase security in the digital world." 

The Phoenix Adaptive Firewall gives businesses an enterprise-class, 
network layer firewall that combines state tracking with anti-attack 
features to secure network assets. The Phoenix protects networks by 
performing a detailed inspection of all aspects of incoming packets and 
distributes them according to rules determined by the network 
administrators. The firewall also includes anti-attack features that 
disable networking probe attacks commonly used by crackers. In 
addition, the Phoenix offers secure remote administration through a 
Java GUI. As the only Linux-supporting firewall to be ICSA certified, 
the Phoenix gives businesses and enterprises the option of making Linux 
the platform of choice for essential gateway and security services. 

Progressive's partners welcomed the groundbreaking certification. 
"Progressive is the first Linux firewall vendor to recognize the 
importance of certification," said Benoy Tamang, vice president of 
Caldera Systems, Inc. "This move strengthens Linux for Business 
technology, showcasing it as a robust, reliable platform that can run 
mission critical, gateway apps like Web, VPN and firewall services. The 
ICSA stamp on the Phoenix firewall is exactly what Linux enterprise 
customers need to propel deployment because it lays to rest 'perceived' 
Linux security issues -- a big step forward for us all." 

"Today's certification is corroboration of what our customers worldwide 
have already discovered about the Phoenix," continued Dawson. As Doug 
Laine of Zdial, Inc., a Philadelphia ISP, commented, "The Phoenix has 
performed beyond our expectations. It has truly solved a number of 
issues for us, and continues to impress us every day. The interface is 
very easy-to-use and intuitive, and the support has been excellent." 

The Phoenix is available for most commercial Linux distributions, 
including Caldera, Red Hat, S.u.S.E. and TurboLinux, and is also 
available for the Cobalt RaQ and Rebel.com Netwinder microserver 
platforms. 

ABOUT PROGRESSIVE SYSTEMS, INC. 

Progressive Systems, Inc. is a leading vendor of network security and 
data communications solutions. The company's customer base includes 
more than 6,000 institutions, governments, and corporations, operating 
mission-critical applications on all seven continents and in space. The 
Phoenix Adaptive Firewall is available directly from Progressive 
Systems or through its worldwide network of resellers as either an appliance on 
the Cobalt RaQ platform or as software for most commercial Linux 
distributions, including Caldera, Red Hat, S.u.S.E., and TurboLinux. A 
software add-on is also available for the Cobalt RaQ, RaQ2, Qube, and 
Qube2 as well as the Rebel.com Netwinder. Headquartered in Columbus, 
Ohio, Progressive Systems also has offices in San Francisco, CA and 
Tucson, AZ. Further information is available at 
http://www.progressive-systems.com or by calling (800) 558-7827. 
ABOUT ICSA, INC. 

Located in Reston, Virginia, ICSA, Inc. provides Internet security 
assurance services worldwide. Established in 1989 as an independent 
corporation, ICSA has successfully led the security industry in the 
development of high quality security products through product 
certification programs, and in establishing better security practices 
through management of multiple security-focused consortia. ICSA 
certification and security standards are globally accepted. ICSA is an 
international company and has offices and partners in North America, 
South America, Europe and Asia. For more information, call (888) 
396-8348 or (717) 258-1816 or visit www.icsa.net. 
Protect your private home or business network using this fully 
featured firewall 

As the prospect of fixed high-speed links to the Net draws 
tantalisingly closer, security becomes even more important. There are 
several technologies you can use to defend yourself against external 
attack, but a firewall is the most popular. 

The WebRamp 700S firewall uses packet filtering to protect your 
private home or business network. It examines incoming and outgoing IP 
packet headers and checks their characteristics against a rules list 
that you can create yourself. 

Headers contain details about a packet's origin, destination, 
protocol type, source and destination port number. This lets you build 
rules about which packets can enter or exit your network. 

The WebRamp 700S is a modem-sized product with a handful of status 
lights at the front and two 10BASE-T ports at the rear. You connect one 
port to your Internet router and the other to your LAN hub. 

Once you're connected to the network, you use a Java-enabled browser 
to configure the firewall and management functions. 

The WebRamp 700S has two extra-cost optional extras: support for VPN 
(from (pounds) 279) and CyberNot content filtering (from (pounds) 135). When 
you point your browser at the WebRamp 700S you're greeted with a main 
status page that summarises your configuration, error messages and the 
current network status. 

The interface has a detailed message log that can be sent to you by 
email on a regular basis, as well as access to WebRamp's other 
configuration features. To say this program is highly configurable is an 
understatement: you can even choose to be emailed when an attack on your 
network is detected. 

The firmware is software upgradeable, so you should keep an eye on 
the manufacturer's Web site as it posts updates regularly. 

The WebRamp 700S operates either in screening mode, where your users 
have Internet-routable IP addresses, or in Network Address Translation (NAT) 
mode, where they're given private addresses. 

By default, the program blocks all incoming connections to computers 
on your network, but permits all outgoing connections, giving your users 
transparent network access without direct exposure to the Internet. 

The WebRamp uses a 'stateful' inspection model, and protects your 
network from known 'denial of service' attacks. You can open holes in the 
firewall for individual FTP, SMTP, POP3, DNS and HTTP servers on your 
network. It's also easy to block various types of activity, including 
RealAudio, Java applets and cookies. 

For businesses in need of firewall protection, the security features 
of the WebRamp 700s, as well as the easy setup and affordable price, make 
it easy to recommend. 
... both voice and data traffic, but they're costly. 

With any Internet connection comes certain security risks. The best 
defense against risks such as hacker attacks is a firewall. Whether it's 
hardware- or software-based, a firewall inspects every incoming data 
packet, either accepting or denying it based on rules the administrator 
configures. Most firewall products offer some sort of content-filtering 
capabilities as well, so you can prohibit the viewing of specific types of 
Web sites by category, such as pornography or violence. More advanced 
implementations offer intrusion detection, virtual-private-networking 
(VPN) support, and virus-scanning features. 

Software firewalls are cheaper than hardware firewalls, but they may 
be less secure, because they rely... 
SwitchOn Networks employs 60 workers in Milpitas, Calif., and 30 in 
Pune, India. The company said its technology performs complete inspection 
of packets up to Layer 7, provides policy and content-based networking 
functions and generates statistics for traffic monitoring and metering. 

According to PMC-Sierra, these capabilities are critical for 
next-generation IP equipment, such as edge routers, aggregation and POP 
switches, Web switches, network firewalls and intrusion detection 
systems. The transaction will be accounted for as a pooling of interests, 
PMC-Sierra said. 

http://www.eet.com/ 

Copyright (copyright) 2000 CMP Media Inc. 
... IP firewall between the internal network of corporate users and any 
external connection, including an Internet connection. A firewall examines 
the IP traffic, detects hacker attack packets and discards them. 

Methods to detect such attacks include packet filtering and stateful 
inspection. Packet filtering is the simplest approach and uses rules 
to determine which packets are discarded. Rules are typically based on 
the source, destination or applications. However, setting up and 
maintaining filtering rules would be complicated for almost all residential 
users. In... 
... a packet filter or an application proxy. 

A packet-filtering firewall inspects each packet it receives and 
decides whether to forward or to drop the packet after checking a table 
of access control rules. 

Stateful inspection, a variation on packet filtering, goes beyond 
basic filtering. It tracks the state of each connection the firewall ... 
This keeps attackers from hijacking a connection while it is 
opening or closing. 

A proxy firewall acts as an intermediary for users. Instead of simply 
passing along user... 

...firewall and then sets up a separate connection to the desired server. 

By intercepting all traffic between end points, proxies both reduce 
the risk of attack and allow inspection of data traversing the proxy. 
Some vendors employ a variation called a circuit relay. 

In circuit relay, the user logs in to... 
... able to verify whether or not the data was specifically requested. 

Stateful inspection attempts to track open, valid connections without the 
need to process a rule for each packet. 

Let's now examine the advantages and disadvantages of each 
architecture. 

Packet Filter Advantages: 

* Speed 

* Sufficient for non-business critical environments 

* Generally less expensive 

* Flexible 

* Transparent 

* Can be implemented... 

... lacking 

* Does not support user authentication 

* Can not automatically hide network and system addresses from public 
view 

* Can not provide protection against an application level attack 
(e-mail, Web, Java, etc.) 

* Susceptible to sophisticated IP fragmentation and source routing 
attacks 

* Can not screen above network layer 

* Some protocols do not operate fully in a filters environment (Such 
as: NFS, NIS/YP, Berkeley "r" commands) 

* Can... 
... 2, page 66). The filtering rules include fields such as source and 
destination IP address, type of protocol, source port number, and 
destination port number. 

Packet filters examine these criteria against a predefined 
value and perform a simple comparison before allowing a packet to proceed 
along its intended route. 

Packet filters generally are the least... 

... or dropping it. However, packet filters have some major drawbacks: They 
cannot keep track of a particular network session nor can they prevent IP 
spoof attacks. 

IP spoofing occurs when a hacker uses an IP address that belongs to a 
legitimate, unsuspecting victim--most often someone on the inside of a... 
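As an added example (not code from any of the sources quoted in these hits), the Python below evaluates the kind of rule table described above, comparing the listed header fields against rules with first-match semantics, and then adds a connection table to show what stateful inspection buys: the stateless filter has to admit every inbound non-SYN TCP segment just to let replies to outbound connections back in, so it cannot tell a genuine reply from a segment that merely claims to belong to a session, whereas the stateful filter admits only packets of connections it saw opened. Addresses, ports and the policy are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (constructed subset)."""
    src: str
    dst: str
    proto: str           # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False    # TCP connection-opening segment


@dataclass(frozen=True)
class Rule:
    """One access-control rule; None means 'any' for that field."""
    action: str          # "allow" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None
    syn: Optional[bool] = None

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.syn is None or self.syn == pkt.syn))


class PacketFilter:
    """Stateless packet filter: a simple comparison against each rule in
    order, first match wins, and the default applies when nothing matches."""
    def __init__(self, rules: List[Rule], default: str = "drop"):
        self.rules, self.default = list(rules), default

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default


class StatefulFilter(PacketFilter):
    """Stateful inspection on top of the same rule table: an admitted
    connection is remembered, later packets of it (either direction) pass
    without re-running the rules, and a TCP segment that claims to belong to
    a session the firewall never saw opened is dropped instead of matched."""
    def __init__(self, rules: List[Rule], default: str = "drop"):
        super().__init__(rules, default)
        self.table: Set[Tuple[str, str, int, str, int]] = set()

    @staticmethod
    def _key(proto, src, sport, dst, dport):
        return (proto, src, sport, dst, dport)

    def decide(self, pkt: Packet) -> str:
        fwd = self._key(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = self._key(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table or rev in self.table:
            return "allow"                     # part of a tracked connection
        if pkt.proto == "tcp" and not pkt.syn:
            return "drop"                      # mid-stream segment, no session
        verdict = super().decide(pkt)
        if verdict == "allow":
            self.table.add(fwd)                # remember the admitted connection
        return verdict


# Constructed policy for an inside network 192.168.1.0/24: block all inbound
# connections except a hole for the SMTP server, permit all outbound.
OUTBOUND = Rule("allow", src="192.168.1.0/24")
SMTP_HOLE = Rule("allow", dst="192.168.1.10/32", proto="tcp", dport=25)
# A stateless filter has no session memory, so to let replies to outbound
# connections back in it must admit every inbound non-SYN TCP segment.
ANY_REPLY = Rule("allow", dst="192.168.1.0/24", proto="tcp", syn=False)


def run_scenario():
    """Same constructed packets through both filters; returns the verdicts
    as {name: (stateless verdict, stateful verdict)}."""
    stateless = PacketFilter([OUTBOUND, SMTP_HOLE, ANY_REPLY])
    stateful = StatefulFilter([OUTBOUND, SMTP_HOLE])
    packets = {
        "outbound web syn": Packet("192.168.1.5", "203.0.113.7", "tcp", 40000, 80, syn=True),
        "web reply":        Packet("203.0.113.7", "192.168.1.5", "tcp", 80, 40000),
        "unsolicited ack":  Packet("198.51.100.9", "192.168.1.5", "tcp", 1234, 40000),
        "inbound smtp syn": Packet("198.51.100.9", "192.168.1.10", "tcp", 5555, 25, syn=True),
        "inbound ssh syn":  Packet("198.51.100.9", "192.168.1.5", "tcp", 5556, 22, syn=True),
    }
    return {name: (stateless.decide(p), stateful.decide(p)) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (a, b) in run_scenario().items():
        print(f"{name:18s} stateless={a:5s} stateful={b}")
```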
... processing. The top units, like Network General Corp.'s Sniffer, 
provide an English-language identification of the protocols in use, and 
evaluate any damage or irregularities in the captured data. 

You can use the protocol analyzer to display packets selectively in 
real time or to capture activity on the network for later study. Other 
possibilities include setting filter criteria so that the analyzer 
displays only packets that are going to or from certain stations, are 
formatted according to specific protocols, or contain certain errors. 
Simultaneously setting several of these filters reduces... 
... speed and make intelligent decisions for applications such as 
routing, quality of service, load balancing, URL switching, and security. 
SwitchOn Network's technology performs complete inspection of packets 
up to Layer 7, provides policy and content based networking and generates 
statistics for traffic monitoring and metering to allow for value-added 
services and billing. These capabilities are critical for next generation 
IP equipment such as edge routers, aggregation and POP switches, web 
switches, network firewalls and intrusion detection systems. 

"The addition of SwitchOn Network's packet classification expertise 
is a complementary fit to our broadband communications strategy," said Bob 
Bailey, PMC-Sierra's... 
... and Macintosh. 

ABOUT PHOENIX 

The Phoenix Adaptive Firewall gives businesses an enterprise-class, 
network-layer firewall that combines stateful analysis of network traffic 
with anti-attack features to secure business assets. The Phoenix protects 
networks by performing a detailed inspection of all aspects of incoming 
packets and distributing them according to rules determined by the 
network administrators. The firewall also includes anti-attack features 
that disable networking probe attacks commonly used by hackers and offers 
secure remote administration through a Java GUI. Phoenix also helps protect 
organizations from distributed denial of service (DDOS) attacks. 

The Phoenix firewall appliance, based on the space saving 1U 
rackmount Cobalt RaQ3i, uses an x86 architecture with a 512k level 2 cache 
to reach . . . 
beginning in Q2 of 2000. 
About Phoenix 

The Phoenix Adaptive Firewall gives businesses an enterprise-class, 
network-layer firewall that combines state tracking with anti- attack 
features to secure network assets. The Phoenix protects networks by 
performing a detailed inspection of all aspects of incoming packets and 
distributing them according to rules determined by the network 
administrators. The firewall also includes anti- attack features that 
disable networking probe attacks commonly used by hackers and offers 
secure remote administration through a Java GUI. 

The Phoenix firewall appliance based on the Cobalt RaQ2 uses a 64 . . . 
... developers can build their solutions. 

About Phoenix 

The Phoenix Adaptive Firewall gives businesses an enterprise-class, 
network-layer firewall that combines state tracking with anti- attack 
features to secure network assets. The Phoenix protects networks by 
performing a detailed inspection of all aspects of incoming packets and 
distributes them according to rules determined by the network 
administrators. The firewall also includes anti- attack features that 
disable networking probe attacks commonly used by crackers and offers 
secure remote administration through a Java GUI. The Phoenix Adaptive 
Firewall, the first commercial firewall to support Linux, is... 
... from the ground up with security in mind. The Phoenix is an 
enterprise-class, network layer firewall that combines state and packet 
analysis with anti-attack features to secure network assets. The Phoenix 
protects networks by performing a detailed inspection of all aspects of 
incoming packets and distributes them according to rules determined by 
the network administrators. The firewall also includes anti-attack 
features that disable networking probe attacks commonly used by crackers. 
As the only Linux-supporting firewall to be both ICSA and LinuxLabs 
certified, the Phoenix gives businesses and enterprises the option... 
... security services. 

About the Phoenix Firewall Appliance 

The Phoenix Adaptive Firewall gives businesses an enterprise-class, 
network layer firewall that combines state tracking with anti-attack 
features to secure network assets. The Phoenix protects networks by 
performing a detailed inspection of all aspects of incoming packets and 
distributes them according to rules determined by the network 
administrators. The firewall also includes anti-attack features that 
disable networking probe attacks commonly used by crackers and offers 
secure remote administration through a Java GUI. 

The Phoenix firewall appliance based on the Cobalt RaQ2 uses a 64... 
... based application and infrastructure services to be more network 
secure than comparative UNIX offerings. CyberwallPLUS-SV provides 
industrial-strength, multi-level security that includes stateful packet 
inspection and detailed network access controls for address-mapping, 
time-based rules, and filtering capabilities. The product detects and 
actively protects Windows NT-based servers against malicious 
denial-of-service and intrusion attacks, and other "suspicious" network activity. 

Tactical Remote Access Penetration Study (TRAPS) TRAPS is a fixed 
price external network penetration service which provides crucial 
information on... 
... wire-speed IP Security (IPSec) encryption/compression processors. 

They will meet the processing demands of network applications such as 
firewalls, routers, access concentrators, VPN gateways, intrusion 
detection systems and resource load balancers. 

"This important alliance will result in robust security throughout 
the corporate network for functions that need to be performed at wire 
speed, such as policy-based packet inspection, encryption and 
...," said Ray Farnham, chairman and CEO of Hi/fn. "The work we are 
... NetBoost is a win for OEMs and... 
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... gateway applications such as web, VPN and firewall services." 

The Phoenix Adaptive Firewall provides a granular level of security,
protecting networks by performing a detailed inspection of all aspects of
incoming packets and distributes them according to rules determined by
the network administrator. Inbound data with non-allowed contents is not
transmitted to the network being protected. This provides a very
fine-grained...

... firewalls implemented today. Users can achieve greater precision in
controlling access to networks than is possible with traditional firewalls.

The Phoenix firewall technology includes anti-attack features, disabling
networking probing attacks commonly used by crackers.

The Phoenix Adaptive Firewall also features an easy-to-use Secure 
Remote Administration via a Java GUI. This interface provides strong...

Privately-held SwitchOn's technology performs complete inspection of
Internet Protocol (IP) packets up to Layer 7. It provides policy- and
content-based networking and monitors traffic for metering purposes.

These capabilities are critical for edge routers, aggregation and
point-of-presence switches, Web switches, network firewalls and intrusion
detection systems.

Bob Bailey, PMC-Sierra's chairman and chief executive, said: "The 
addition of SwitchOn's packet classification expertise is a complementary 
fit to our ...

... oil industries. Smiley says he'd like to see more integrated and
easily manageable Linux security and administration tools.

"If a new type of (hacker) attack comes, you have to gather the
packets, analyze them and create your own new rules every time,"
Smiley says. "It'd be nice if there was a way to automate that."

Caldera will debut Cosmos, its first network management product...

The Phoenix firewall inspects incoming packets and distributes
them according to rules established by the administrator. Inbound data
can be blocked, and there are anti-attack features to stop common types
of attacks. The Java graphical interface allows remote administration and
is designed to provide strong authentication and encryption from the Web
browser.

The charge for an unlimited...

... the firewall. This technology, called stateful inspection, examines
protocol information to verify that a given connection is part of a
legitimate conversation.

Stateful inspection thwarts attacks that hobble packet filters and 
may equal or surpass the security of proxied access because it also 
examines information through application-layer commands. 

Also, because...

... do not process the logic of client/server interactions, they typically
operate faster than their proxy counterparts. Does superior performance
sacrifice flawless security? Theoretically, yes: Packet inspection
engines pass packets unmodified if access rules permit, but proxies
intercept, validate, and rewrite all information before sending it on.
But the marketplace has answered this question with a resounding "no." No
gaping flaws yet have been...

... Windows NT, we have one thing to say to those experts: Guess again.

NSTL bombarded seven top-selling NT firewalls with nearly 300 forms of 
attack and found no significant security loopholes. These products also 
do an excellent job of locking down potential vulnerabilities in Windows NT 
itself. Two products stood... 

...an application proxy. A packet-filtering firewall inspects each packet
it receives and makes the decision to forward or drop the traffic based on
a check against a table of access control rules. Stateful inspection,
a variation on packet filtering, goes beyond simple filtering by also
keeping track of the state of each connection the firewall handles.

A proxy firewall acts as an intermediary for users. By intercepting 
all traffic between endpoints, proxies not only reduce the chance for 
attack but also allow inspection of data traversing the proxy. 

After years of debate over which technology offers better security, 
vendors are beginning to blend the...

... a smart packet filter can apply more complex rules and monitor not
just individual packets but entire sessions, creating more rigorous and
flexible defenses against attacks.

The smart filter reads the header of a session's first packet,
compares it to the rules and, if approved, routes successive packets
through a...

...filter compares its header to that of the first packet to verify that it
belongs to the same session. Thus, it doesn't need to verify each packet
against the rules.

With information about entire sessions, a smart-packet-filter
firewall can deploy very secure means to control unauthorized access. One
strategy is to control otherwise wide-open UDP connections by forcing UDP
sessions...
SwitchOn Networks employs 60 workers in Milpitas, Calif., and 30 in
Pune, India. The company said its technology performs complete inspection
of packets up to Layer 7, provides policy and content-based
networking functions and generates statistics for traffic monitoring and
metering.

According to PMC-Sierra, these capabilities are critical for
next-generation IP equipment, such as edge routers, aggregation and POP
switches, Web switches, network firewalls and intrusion detection
systems. The transaction will be accounted for as a pooling of interests,
PMC-Sierra said.

http://www.eet.com/

Copyright 2000 CMP Media Inc.

... Systems' AS5300, using Multilink PPP, was employed to terminate
the ISDN calls and route calls to our enterprise network.

To test security, we generated spoofing attacks using Internet 
Security Systems' Firewall Scanner package. All of the devices performed 
as advertised, allowing only the traffic we defined to pass through the 
firewall...

...Chariot end points were smaller than 127 bytes to maximize the amount
of work each SOHO firewall router had to process. We then added filtering
rules to the devices and ran the same tests.

Even with packet-filtering rules enabled, the performance hit was
less than 2 percent. Finally, compression was turned on and the same
tests were repeated.

Copyright (c) 1998 CMP Media...
...speed and make intelligent decisions for applications such as routing,
quality of service, load balancing, URL switching, and security. SwitchOn
Network's technology performs complete inspection of packets up to
Layer 7, provides policy and content based networking and generates
statistics for traffic monitoring and metering to allow for value-added
services and billing.

These capabilities are critical for next generation IP equipment such as
edge routers, aggregation and POP switches, web switches, network
firewalls and intrusion detection systems.

"The addition of SwitchOn Network's packet classification expertise is a
complementary fit to our broadband communications strategy," said Bob
Bailey, PMC-Sierra's...

...CE), Solaris and Macintosh.

ABOUT PHOENIX 

The Phoenix Adaptive Firewall gives businesses an enterprise-class,
network-layer firewall that combines packet state analysis with anti-attack
features to secure network assets. The Phoenix protects networks by
performing a detailed inspection of all aspects of incoming packets and
distributing them according to rules determined by the network
administrators. The firewall also includes anti-attack features that
disable networking probe attacks commonly used by hackers and offers secure
remote administration through a Java GUI. Phoenix also helps protect
organizations from distributed denial of service (DDOS) attacks.

The Phoenix firewall appliance based on the award-winning Cobalt RaQ2 uses
a 64-bit, 250MHz RISC processor to reach performance levels above T-3...

...ABOUT THE PHOENIX FIREWALL

The Phoenix Adaptive Firewall gives businesses of all sizes an
enterprise-class, network layer firewall that combines state tracking
with anti-attack features to secure network assets. The Phoenix
protects networks by performing a detailed inspection of all aspects of
incoming packets and distributes them according to rules determined by
the network administrators. The firewall also includes anti-attack
features that disable networking probe attacks commonly used by
crackers. In addition, the Phoenix offers secure remote administration
through a Java Graphical User Interface (GUI). As the only
Linux-supporting firewall...

...the certified mark tells business

customers that this firewall, when properly configured, can support 
standard Internet Protocol business services while withstanding an 
extensive suite of attacks. ICSA.net applauds Progressive Systems, Inc.
for doing their part to help increase security in the digital world."

The Phoenix Adaptive Firewall gives businesses an enterprise-class,
network-layer firewall that combines state tracking with anti-attack
features to secure network assets. The Phoenix protects networks by
performing a detailed inspection of all aspects of incoming packets and
distributes them according to rules determined by the network
administrators. The firewall also includes anti-attack features that
disable networking probe attacks commonly used by crackers. In
addition, the Phoenix offers secure remote administration through a
Java GUI. As the only Linux-supporting firewall to be ICSA...

ABSTRACT:

Frame relay continues to evolve despite the fact that IP is more flexible 
and ATM is faster. It has been enhanced in performance, combined with QoS 
and most recently blended with IP to link multiple sites and run high-end 
applications with the necessary bandwidth. AT&T's new IP Enabled Frame 
Relay has revitalized interest in the technology by letting companies 
deploy meshed frame networks at far less cost than alternative 
technologies. Companies pay for permanent virtual circuits (PVC) between 
pairs of sites, typically in a hubbed configuration to reduce the number of 
circuits. IP Enabled Frame users order a special PVC running from a Cisco
router and take advantage of the carrier's adoption of Multiprotocol Layer
Switching (MPLS) on the IP backbone. AT&T's network contains a Cisco PBX
frame switch that converts frame packets into IP and marks them with MPLS
tags before sending them to their destination.

TEXT:

The gods must have a special place for frame relay. Bested by ATM in speed 
and by IP in flexibility, frame relay keeps on mutating and growing. First 
there was high-speed frame. Then there was frame with QoS. Now the 
frame-meisters are blending IP with frame to make it better than ever at
linking scads of sites and running top-class apps.

The latest remake has two episodes. Episode one: the AT&T story. The
carrier rolled out IP Enabled Frame Relay in the United States in January.
The technology enables companies to deploy meshed frame networks at
low prices.

Here's how it works. Today, companies wiring up a WAN with frame
relay pay for Permanent Virtual Circuits (PVCs) between pairs of sites.
Growing the number of sites and interconnecting offices to each other
requires a huge number of PVCs. A 10-site network, for example, would
demand 45 PVCs for a fully meshed network. To avoid that cost, companies
end up wiring in a hubbed configuration, connecting sites to a central 
headquarters. While this architecture might create a single point of 
failure and introduce additional latency, it reduces those 45 PVCs, for 
example, to just nine. 

With IP Enabled Frame, AT&T has a way to cut full-meshed network 
costs. The key is the adoption of the Multiprotocol Layer Switching (MPLS) 
protocol on AT&T's IP backbone. MPLS delivers frame-like PVCs on top of IP 
with one exception: those circuits can encompass multiple sites.

Customers looking to mesh their networks order a special PVC from 
AT&T that runs from a Cisco Systems router on the customer premises to the
Cisco BPX frame switch on AT&T's network. The BPX converts the frame 
packets into IP, marks the packets with an MPLS tag, and sends them across 
AT&T's IP backbone to their destination. 

The only catch is reliability. Network managers must base their frame 
network on a single vendor, and as experience shows, no frame relay network 
is foolproof. This is particularly true as AT&T looks to deliver the 
service internationally through Concert, its partnership with British 
Telecom. "If you've suffered the number of breakdowns in the network that I 
have, then you wouldn't want to connect major sites with just one vendor," 
says Toni Bergman, network manager at SKF AB, a bearings manufacturer. 

Episode two: the Nortel Networks story. The frame switch provider has
come out with two enhancements for managed IP-over-frame services. Dubbed
IP Enhanced Frame Relay, Nortel technology aims to solve the configuration
and QoS issues of running IP over frame relay.

On the configuration side, the company has devised a way to shorten
upgrade times on managed IP-over-frame services. Normally upgrading a frame
PVC requires reconfiguring the switch and the routers on both ends of the
PVC. With the Nortel approach, changes made to the PVC at the frame switch
are automatically pushed down to the Customer Premises Equipment (CPE),
which reconfigures itself. The feature works with routers from Nortel
subsidiary Bay Networks, but that may change soon. Nortel says it has
proposed the configuration technology to the frame relay forum, which may
decide to adopt the spec in the first quarter of 2000.

On the QoS side, Nortel has implemented differentiated QoS over a
single PVC. Current frame relay QoS, from providers like Infonet Service
(www.infonet.com), assigns applications with different priorities to
different circuits. Mission-critical applications, for example, might be
assigned to better performing (and more expensive) PVCs, while less
important applications would be assigned to lower-priority PVCs.
However, none of these services can give higher priority to a CEO
browsing the Web than they can to the janitor.

Nortel's new QoS initiative will enable carriers to make that
distinction. The product now uses QoS levels assigned by the router on
the customer premises. QoS levels are designated through the
differentiated services specification. Once tagged by the router, the
packets get placed in a queue associated with that service level.
High-priority packets are placed in a queue serviced more frequently than
packets in a low-priority queue.

Just when these features will find their way into services isn't 
clear. "We want to statically configure our CPE gear to ensure parameters 
are set correctly," says Brian Presley, frame relay product manager at
Infonet. And the QoS features? "We aren't currently looking for QoS 
over a single PVC," says Presley. "The ability to set up different PVCs
gives us more flexibility and better control over the network." 
... load. Because of Accelar's shared memory architecture, the switch
latency remains constant regardless of load or port configuration.

Finally, I tested the switch's QoS (Quality of Service)
capabilities. Using two ports to oversubscribe a third, I tested its
priority queuing mechanism. I offered varying loads of low- and
high-priority traffic, and in all cases the Accelar forwarded 100 percent
of the high-priority traffic without any packet loss.

I applaud Nortel's decision to include support for eight 
hardware-based priority queues in the 8600 architecture. The vendor's 
support for eight classes of service allows for a significant amount of 
QoS granularity in the enterprise backbone. 

The icing on the cake for the Accelar 8600 is its aggressive pricing. 
Nortel has taken huge strides toward making... 
... the technology. The offering also is currently in trials at more
than 20 customers worldwide.

The product received a mixed reaction from resellers.

"(Scinger's) QoS and packet prioritization features are what it
takes to do voice-over-DSL deployments," said Jeff Carnegie, president of
Carnegie Technical Inc., a San Diego-based VAR, adding the product's
release was an inevitable step. "But I don't believe any of the routers on
the market support QoS. And, regarding DSL quality, the router's ability
to differentiate between high-priority and low-priority packets
is key," he said.

"This is not a channel product," said Randy Wear, principal of
Decisions Systems Plus Inc., a Rosemont, Ill.-based VAR. "An...
... starvation when higher-class traffic exceeds the available
bandwidth. This problem has the potential to escalate into serious
congestion as the source retransmits delayed IP packets.

Advanced traffic management avoids bandwidth starvation by allowing a
service provider to assign each service class a minimum bandwidth
guarantee. This reduces the QOS effect on lower-priority traffic of
the temporary presence of excess higher-priority traffic, just as some
discount fare seats are available on all flights.

A common pool of bandwidth can be set aside and shared on a... 
... ideal for multiservice networks. Network operators can optimize
network efficiency and tailor network traffic to support multiple levels of
CoS and meet their end-users QoS requirements. For example, a higher
priority level of access can be assigned to delay-sensitive applications,
such as voice and video, while a lower priority level of access is
assigned to data and image applications that are more tolerant of network
delays. Through a sophisticated algorithm, FPQ minimizes the packet loss,
ensures the reliability of high priority traffic and prevents lower
priority traffic from being "locked out" even during congestion.

The new fragmentation feature of the FRX is suitable for service
provider networks that support a mixture...

...voice and video, and requiring different levels of delivery. On a per
PVC basis, fragmentation enables service providers to control the maximum
size for the packets that are queued into the network. This improves QoS
through lower delay variation of high priority, delay sensitive
traffic (small frame) when mixed with low priority, non-delay sensitive
(large frame) traffic. Segmented packets traverse the network,
segment-by-segment, and are reassembled before leaving the FRX network.
N.E.T.'s seamless LMI offers greater session resiliency and...



38/3, K/5 (Item 2 from file: 621)

DIALOG(R) File 621:Gale Group New Prod.Announ.(R)
(c) 2004 The Gale Group. All rts. reserv.

01421913 Supplier Number: 46680721 (USE FORMAT 7 FOR FULLTEXT)
Ipsilon Adds Fast Ethernet Backbone Capability to IP Switched Networks;
Expands IP Switching Software Feature Set; New FAS1200 Product Raises the
Bar for Fast Ethernet Price/performance.
... Wire, p0903G047
... 1996
Language: English Record Type: Fulltext
Document Type: Newswire; Trade
Word Count: 1269

... or destination address, service type, or transport protocol.

Because it takes advantage of information already contained in the header,
Ipsilon's flow classification process delivers QoS as an integral benefit
of IP switching technology, enabling managers to switch data streams to
particular ATM ports for priority forwarding.

Using flow classification, each IP Switch can steer packets onto an
ATM virtual connection with a QoS appropriate to the application. For
example, if the flow is a time-critical stock market data feed, it could
receive the highest priority through the ATM fabric; conversely, the
flow might contain an experimental video service that should be treated
with the lowest priority.

The key benefit to the local policy QoS supported by the new Ipsilon
software is that applications need not be rewritten to comply with ATM
Forum standards; instead, the TCP/IP information in the IP packet can set
up the appropriate QoS.

Managers can configure local policy within the IP Switched network
using the graphical user interface provided by Ipsilon's Network Voyager, a
Web-based network...
... ideal for multiservice networks. Network operators can optimize
network efficiency and tailor network traffic to support multiple levels of
CoS and meet their end-users QoS requirements. For example, a higher
priority level of access can be assigned to delay-sensitive applications,
such as voice and video, while a lower priority level of access is
assigned to data and image applications that are more tolerant of network
delays. Through a sophisticated algorithm, FPQ minimizes the packet loss,
ensures the reliability of high priority traffic and prevents lower
priority traffic from being "locked out"-- even during congestion.

The new fragmentation feature of the FRX is suitable for service
provider networks that support a mixture...

...voice and video, and requiring different levels of delivery. On a per
PVC basis, fragmentation enables service providers to control the maximum
size for the packets that are queued into the network. This improves
QoS through lower delay variation of high priority, delay sensitive
traffic (small frame) when mixed with low priority, non-delay sensitive
(large frame) traffic. Segmented packets traverse the network,
segment-by-segment, and are reassembled before leaving the FRX network.
N.E.T.'s seamless LMI offers greater session resiliency and...
... or destination address, service type, or transport protocol.

Because it takes advantage of information already contained in the header,
Ipsilon's flow classification process delivers QoS as an integral benefit
of IP switching technology, enabling managers to switch data streams to
particular ATM ports for priority forwarding.

Using flow classification, each IP Switch can steer packets onto an
ATM virtual connection with a QoS appropriate to the application. For
example, if the flow is a time-critical stock market data feed, it could
receive the highest priority through the ATM fabric; conversely, the
flow might contain an experimental video service that should be treated
with the lowest priority.

The key benefit to the local policy QoS supported by the new Ipsilon
software is that applications need not be rewritten to comply with ATM
Forum standards; instead, the TCP/IP information in the IP packet can set
up the appropriate QoS.

Managers can configure local policy within the IP Switched network
using the graphical user interface provided by Ipsilon's Network Voyager, a
Web-based network...
... has proposed the configuration technology to the frame relay forum,
which may decide to adopt the spec in the first quarter of 2000.

On the QoS side, Nortel has implemented differentiated QoS over a
single PVC. Current frame relay QoS, from providers like Infonet Service
(www.infonet.com), assigns applications with...

...different circuits. Mission-critical applications, for example, might be
assigned to better performing (and more expensive) PVCs, while less
important applications would be assigned to lower-priority PVCs.
However, none of these services can give higher priority to a CEO
browsing the Web than they can to the janitor.

Nortel's new QoS initiative will enable carriers to make that
distinction. The product now uses QoS levels assigned by the router on
the customer premises. QoS levels are designated through the
differentiated services specification. Once tagged by the router, the
packets get placed in a queue associated with that service level.
High-priority packets are placed in a queue serviced more frequently than
packets in a low-priority queue.

Just when these features will find their way into services isn't
clear. "We want to statically configure our CPE gear to ensure parameters
are set correctly," says Brian Presley, frame relay product manager at
Infonet. And the QoS features? "We aren't currently looking for QoS
over a single PVC," says Presley. "The ability to set up different PVCs
gives us more flexibility and better control over the network."
... has proposed the configuration technology to the frame relay forum,
which may decide to adopt the spec in the first quarter of 2000.

On the QoS side, Nortel has implemented differentiated QoS over a
single PVC. Current frame relay QoS, from providers like Infonet Service
(www.infonet.com), assigns applications with...

...different circuits. Mission-critical applications, for example, might be
assigned to better performing (and more expensive) PVCs, while less
important applications would be assigned to lower-priority PVCs.
However, none of these services can give higher priority to a CEO
browsing the Web than they can to the janitor.

Nortel's new QoS initiative will enable carriers to make that
distinction. The product now uses QoS levels assigned by the router on
the customer premises. QoS levels are designated through the
differentiated services specification. Once tagged by the router, the
packets get placed in a queue associated with that service level.
High-priority packets are placed in a queue serviced more frequently than
packets in a low-priority queue.

Just when these features will find their way into services isn't
clear. "We want to statically configure our CPE gear to ensure parameters
are set correctly," says Brian Presley, frame relay product manager at
Infonet. And the QoS features? "We aren't currently looking for QoS
over a single PVC," says Presley. "The ability to set up different PVCs
gives us more flexibility and better control over the network."
... linking multiple chips or design a variety of switches by linking
to other devices in the Allayer series.

The switch supports key features such as quality of service,
trunking and VLAN. The device supports four classes of service which allows
a networking switch to recognise and give priority to packets of data
that have been marked for faster delivery. The device recognises and
prioritises class 0 (management information), class 1 (voice and video),
class 2 (data) and class 3 (back-up data), which are examples of high to
low priority rating.

The trunking feature in the AL1022 supports IEEE 802.3ad. This
feature enables multiple ports on a switch to be combined into faster
connection...
... We're not convinced this approach will enhance routing protocol
performance, but time will tell.

The SSR-16 is capable of routing 30 million IP packets/sec via its
nonblocking switch fabric. The switch provides dedicated, independent
packet buffers on each output port, and space is allocated for hundreds of
maximum-size Ethernet packets on each Fast Ethernet and Gigabit port.
Separate buffer space is allocated to each of four classes of traffic, and
forwarding is done on a prioritized basis, ranking the four classes from
highest to lowest priority.

Cabletron takes an excellent approach to QoS, and we believe four
classes is an appropriate number of levels. Many vendors offer too few or
too many classes; two is too few, and...
... services as Diffserv (differentiated services), IP precedence, MPLS
(multiprotocol label switching), RSVP (resource reservation protocol), and
802.1p are helping improve things on the IP QOS front (see Table 2).
QOS, Continued

To process different priority levels, a switch or router must be
constructed with multiple queues for every port. Queues are like holding
tanks for the various priority levels, and when there's more than one,
higher-priority packets can be prioritized and moved ahead of traffic
from a lower priority level.

Unfortunately, many switches and routers have single queues only.
And when there's congestion, all packets begin lining up in the same
queue, which isn't good as far as video is concerned. So try to upgrade
switches and routers so...
... in order for each priority. Out-of-order packets are counted, but
reported separately. Upon completion of the test run, QoSBench compares the
number of packets received at each priority level with the expected
number of packets received at that priority level, and assigns a QoS
factor based on the number of packets received in order.

The IEEE 802.1p standard specifies that QoS be delivered strictly on
a priority basis. In QoSBench, this means that if four priority levels
are offered to the DUT, all the highest-priority information should
arrive, to the exclusion of lower-priority traffic. The QoS factor
provided by QoSBench takes this into account. If the DUT drops any
high-priority frames, the DUT receives no credit for meeting the QoS
agreement for the lower-priority queues.

If the device under test passes all the packets it possibly can, in
order, and with proper QoS, it is possible for the device to exceed a
100-percent QoS factor. Packets buffered by the DUT at lower priorities
will be expelled from the queues of the device after all higher-priority
packets have been forwarded. These buffered packets also count toward
the QoS factor if all other QoS guarantees have been met. Both of the
devices we...

...of QoS guarantees. 

First, the Priority Test measured the switch's ability to forward
IEEE 802.1Q tagged VLAN frames properly while enforcing Layer 4 QoS based
on the IEEE 802.1p bits defined inside the tagged frame. This test
validates the switch's ability to handle 802.1Q tagged frames...

...to each port with a unique UDP source and destination port number. The
switch was configured to filter traffic that would have gone into the
highest-priority queue, and the remaining traffic was to be classified
into the three lower-priority levels. This test stressed the DUT's
ability to filter traffic while maintaining QoS. It also forced vendors
to use the lower three queues in their architecture to the exclusion of the
highest-priority queue. Thus, if the vendor were "cheating" by
allocating additional memory to the highest-priority queue, it would
become apparent in this test. Both products properly enforced QoS while
filtering all packets configured to be discarded. The results are
summarized in "Filtering Test Results" below.

It should be noted that both vendors had to do some tweaking...
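The strict-priority rule and the QoS-factor scoring described in the QoSBench excerpt above, modelled as an added Python example (this is not QoSBench's code; the scoring formula, the priority numbering with 3 as the highest level, and the sample offered loads are assumptions made here):

```python
"""Strict-priority QoS scoring model for the QoSBench-style test above.

Constructed for illustration: the scheduler and the scoring formula are
assumptions, not the actual QoSBench implementation, which the text does
not give. Priorities are numbered 0..3 with 3 the highest (assumed)."""


def strict_priority_expected(offered, capacity):
    """Frames each level should deliver if the DUT is strictly prioritised:
    the highest level is served first and lower levels get only what is left."""
    expected = {}
    remaining = capacity
    for prio in sorted(offered, reverse=True):
        expected[prio] = min(offered[prio], remaining)
        remaining -= expected[prio]
    return expected


def qos_factor(offered, in_order, out_of_order, capacity):
    """Score one test run.

    offered      -- frames offered per priority level
    in_order     -- frames received in order per level (these earn credit)
    out_of_order -- frames received out of order per level (counted, but
                    reported separately as the text says; no credit)
    capacity     -- frames the congested output port can forward in the run

    Returns (factor_percent, credited_frames_per_level).
    """
    expected = strict_priority_expected(offered, capacity)
    credited = {}
    lower_forfeited = False
    for prio in sorted(offered, reverse=True):
        if lower_forfeited:
            credited[prio] = 0          # no credit for the lower queues
            continue
        credited[prio] = in_order.get(prio, 0)
        received = credited[prio] + out_of_order.get(prio, 0)
        # A level that strict priority says must arrive in full, but which
        # lost frames: every lower-priority queue forfeits its credit.
        if expected[prio] == offered[prio] and received < offered[prio]:
            lower_forfeited = True
    total_expected = sum(expected.values())
    if total_expected == 0:
        return 0.0, credited
    # Lower-priority frames buffered by the DUT and drained after the burst
    # can push the credited total past the expected count, so the factor
    # may exceed 100 percent, as the text describes.
    return 100.0 * sum(credited.values()) / total_expected, credited


# Constructed sample run: four levels, 100 frames each, port capacity 250,
# so strict priority expects 100 / 100 / 50 / 0 frames for levels 3..0.
OFFERED = {3: 100, 2: 100, 1: 100, 0: 100}
CAPACITY = 250


def sample_runs():
    """Four constructed outcomes for the same offered load."""
    perfect = qos_factor(OFFERED, {3: 100, 2: 100, 1: 50, 0: 0}, {}, CAPACITY)
    buffered = qos_factor(OFFERED, {3: 100, 2: 100, 1: 60, 0: 10}, {}, CAPACITY)
    dropped_high = qos_factor(OFFERED, {3: 95, 2: 100, 1: 50, 0: 0}, {}, CAPACITY)
    reordered = qos_factor(OFFERED, {3: 90, 2: 100, 1: 50, 0: 0}, {3: 10}, CAPACITY)
    return {"perfect": perfect, "buffered": buffered,
            "dropped_high": dropped_high, "reordered": reordered}


if __name__ == "__main__":
    for name, (factor, credited) in sample_runs().items():
        print(f"{name:13s} QoS factor {factor:6.1f}%  credited {credited}")
```

The "dropped_high" run shows the rule the text stresses: five lost top-priority frames wipe out all credit for the three lower queues, while "buffered" shows how drained lower-priority frames push the factor above 100 percent.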
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... to control TCP. Several vendors told us our capabilities were more 

advanced than their internal testing mechanisms and gave them a deeper 
understanding of how QOS works. 
Time and Punishment 

We conducted four sets of tests. First, we offered steady-state traffic and took baseline measurements of forwarding rate with no...

...post office protocol version 3) data over TCP port 110; the balance were low-priority HTTP sessions using TCP port 80. Both high- and low-priority sessions transferred 1 Mbyte of TCP data over the backbone.

Because traffic from 10 fast Ethernet ports is theoretically capable of being carried by a... Ethernet backbone.

To find out if QOS can help, we headed back to the test bed. This time we asked vendors to enable QOS so high-priority traffic would receive four times the bandwidth of low priority. Then we offered the switches the same load as in the prior round: nine high-priority and 18 low-priority TCP sessions to each of 16 inbound ports.

We were mainly interested in determining if forwarding rates for high-priority traffic improve with QOS enabled. We also were curious to see what would happen to low-priority traffic: would switches deliver a 4:1 ratio?

Activating QOS made a difference for all switches, but there were big variations. Lucent's Cajun pushed high-priority packets at 426 kbyte/s, even faster than when we baselined with 10 fast Ethernet ports. 3Com's Corebuilder really picked up speed, moving traffic at an average of 271 kbyte/s per session, nearly twice as fast as its results without congestion and nearly five times faster than it moved packets with congestion but without QOS enabled.

Cabletron, Cisco, and Extreme were all more sluggish with QOS enabled than they were with no QOS and no...

...Cisco's results posed a major concern for us: WRED substantially slowed low-priority traffic while only marginally speeding transfers for high-priority packets. Indeed, low-priority sessions took more than four times longer to complete with WRED enabled, while high-priority sessions moved only 30 percent faster than they did without WRED turned on. Cisco says WRED is doing what it's supposed to. But we noticed that Cisco's switches dropped large amounts of low-priority traffic, even after we'd stopped transmitting high-priority sessions. We suspect that's because the WRED implementation in the Catalyst 5505 uses only one queue per output port, regardless of priority level. Since we continually kept the queue full, low-priority traffic was continually dumped.

Lucent moved low-priority sessions the fastest, but the ratio was more like 5:2. Extreme also pushed low-priority traffic relatively quickly, but the ratio between high- and low-priority sessions was more like 2:1 than 4:1.

The Singles Scene 

Thus far we've only looked at average forwarding rates. But as we... 

...what we found. Cabletron's SmartSwitch took an average of 43,000 milliseconds per session to transfer 1 Mbyte of high-priority TCP data with QOS enabled. But the difference between the shortest and longest session was nearly 12,000 ms, nearly 30 percent. Extreme's Summits also exhibited a variation of 10 percent. The good news is that most switches show less variation in high-priority sessions than for other traffic.

Packet traces of individual outbound ports were equally revealing. If a switch comes close to attaining a 4:1 ratio, the natural assumption is that each port would receive four high-priority packets, followed by one low-priority packet. In other words, we expected to see interleaving at the packet level.

But we saw something more like interleaving at the TCP window level: one window (45 packets) of high-priority traffic, followed by 45, 90, or even 135 packets of low-priority traffic.

This is a problem for two reasons. It nearly reverses the desired 4:1 ratio, and high-priority packets get stuck behind lots of low-priority traffic. And that leads to latency; an app could time out in the time it takes to send even one window's worth of low-priority traffic.

There's another hidden problem. Everything may look OK on the backbone, where the traffic from 16 outbound ports is flowing together. But pull... real-time voice, video, and multimedia. Jitter, the variation in delay, is also key for voice and video.

We generated two 64-kbyte bursts of high-priority POP3 traffic to each of 10 ports in parallel. We also offered five low-priority steady-state Web sessions to the 10 ports. And...

...same amount of time to get through the switch, regardless of priority. Note that all switches except Cisco's significantly increased per-packet latency of low-priority traffic when QOS was enabled.

All Shook Up

We also measured jitter for high- and low-priority traffic (see Figure 3). Cisco's switches were far and away the most consistent with QOS enabled, posting variations of just 73 microseconds and 62 microseconds for high- and low-priority packets. Lucent's 56-microseconds jitter was the lowest we recorded. Cabletron's SmartSwitch Router 2000 exhibited more jitter on high-priority sessions than low.

One very disturbing result for all vendors except Cisco is that jitter is far higher with QOS enabled. In the case of Extreme's Summit4, for example, jitter for high-priority traffic jumps from 10 microseconds to 210 microseconds when QOS is enabled. It's even worse with low-priority traffic; there, jitter jumps from 7 microseconds without QOS to 2,297 microseconds with QOS enabled.

To put these results in perspective, even the highest jitter recorded, Cabletron's 4 ms, is still a trifling amount for most apps. But ...link, since we offered traffic from 16 ports through a pipe capable of servicing a maximum of 10. We also designated two classes of traffic, high and low priority, with a different TCP port number assigned to each. We offered a total of 27 sessions to each port, nine of high...

...asked vendors to enable their QOS capabilities and ran the same measurements once more, this time noting forwarding rate and variation in session times for high- and low-priority traffic.

In the tests involving bursty traffic, we asked vendors to configure their switches so that high-priority traffic would receive four times the bandwidth of low-priority sessions. We then offered each client port a burst of 64 kbytes of high-priority TCP data, followed by a gap of 300 milliseconds, followed by another 64-kbyte burst. At the same time, we also offered each client port five steady-state streams of low-priority sessions, each comprising 256 kbytes of TCP data. We measured latency for each packet of all high- and low-priority sessions, and used standard deviation of latency to calculate jitter.

Not all vendors' configurations were identical. Cabletron Systems Inc. (Rochester, N.H.) was unable to...

... a single provider.

The DiffServ group defines PHBs that allow IP QoS to scale in service provider backbones and to integrate with pre-existing LAN QoS at border routers. IP QoS uses the mechanisms developed for ATM QoS, while adding some new mechanisms specific to IP. It allows service providers to offer new services to their customers, while its ATM heritage simplifies QoS internetworking in hybrid IP-ATM networks.

Implementation of Differentiated Services Per-Hop Behaviors

PHB                  | Input Policing                                                          | Output Scheduling                       | Congestion Management
Best Effort          | None                                                                    | Lowest priority queuing                 | Most likely to be dropped
Assured Forwarding   | Police on sustained and burst rates. Burst and out-of-contract packets marked. | In-C... Burs...                  | Like Best Effort
Expedited Forwarding | Police on sustained rate. Out-of-contract packets are dropped.          | ... queuing. (Traffic is also shaped.)  | Won't be dropped



38/3, K/16 (Item 9 from file: 16)

DIALOG(R) File 16: Gale Group PROMT(R)
(c) 2004 The Gale Group. All rts. reserv.

05658772 Supplier Number: 50117590 (USE FORMAT 7 FOR FULLTEXT)
IP TELEPHONY: OPS HANDICAP ITS CHANCES

Multichannel News, v19, n23, p3A
June 3, 1998

Language: English Record Type: Fulltext
Article Type: Article

Document Type: Magazine/Journal; Trade
Word Count: 4649

... Yes. Today, you can't assign bandwidth on a per-modem basis. All of the traffic generated in the modem needs to be assigned with high or low priority. You cannot tier services with today's modems.

Data traffic, for example, will be handled differently than computer-voice traffic. What the QOS will allow us to do is to have what we call multiple identified packets, by service type. Via that identification, we can tell the system that this packet is a voice packet, and I need a high priority, versus a data packet that may need a lower priority. It will allow us to do packet classifications, so that we could do constant bit rate, or have just best-effort traffic in there.

One of the other components with voice that is unique is that it is also very sensitive to jitter. So not only do we have to transfer the packet within a time frame, but the variations of timing between packets have to be constant, so that the system can understand it.

Most of this...



38/3, K/17 (Item 10 from file: 16)

DIALOG(R) File 16: Gale Group PROMT(R)
(c) 2004 The Gale Group. All rts. reserv.

05610630 Supplier Number: 48489089 (USE FORMAT 7 FOR FULLTEXT)
Ready, set, Go

Armitage, Vikram Karmarkar; Grenville
Telephony, pN/A
May 18, 1998

Language: English Record Type: Fulltext
Document Type: Magazine/Journal; Trade
Word Count: 2037

... security and perhaps even offering some firewall protection.

Data in a class by itself

A routing system must perform three basic tasks to deliver differentiated QOS levels: classification, queuing and scheduling. Classification must happen first so that packets with high priority aren't stashed temporarily behind lower-priority ones. Queuing keeps groups of packets belonging to the same message or the same flow together. And scheduling ensures that each customer and its internal groups get the guaranteed bandwidth, that...

... to address this issue of burst management."

So what's the real difference between Alteon's flavor of Layer 4 and Yago's Layer 4 QoS? Lo says it's that Yago's MSR switch line doesn't ... the packet sessions; it merely determines whether to peg the traffic as high or low priority. "It doesn't map each session to a particular connection, so it cannot do server load-balancing or firewalling by sessions," according to Lo.

For...

... bandwidth for each stream.

IP over Sonet requires PPP, which does not have any provision for bandwidth management. The IP Layer has to schedule its packet transmissions to ensure that each information flow receives its fair share of link bandwidth. IP-level packet scheduling presents problems for slow links, in which the transmission of a large packet belonging to a low-priority flow, such as a file-transfer block, can stall the transmission of a high-priority flow, such as a voice packet. For example, in the ... wide-area corporate intranets will most likely run their telephone networks over the same channels as their data networks. The...

...essential as voice transmission requires a constant stream that cannot be blocked by data traffic in tight bandwidth situations.

ATM provides a rich set of Quality of Service parameters, as well as intelligent queuing and scheduling mechanisms in the switches, to ensure negotiated QoS. On the other hand, PPP does not provide any...

... as Ipsilon Flow Mapping Protocol or Cisco Systems Inc.'s ... switching protocol. Kennedy said that class-of-service standards ... two simple classes of high- and low-priority traffic, but do not spell out how to distribute fairness inside a priority class.

Per-flow queuing answers the problem by abandoning all traditional FIFO architectures and assigning all IP packet flows to separate queues. Queues get assigned to class-of-service groups of queues, and each queue group is assigned a weight. Flows that exceed QoS thresholds are tagged, and designers can implement their own policing algorithms to control the traffic, though MMC also will implement different traffic policing methods.

MMC...
ABSTRACT:

...costs between $300 and $400 per port. A NetICs official states that the switches are multimedia-ready. The switches also have a feature called Priority Quality of Service (PQoS). This feature, which enables the switches to give priority to latency-sensitive packets, allows users to define packets as high- or low-priority by media access control (MAC) address, conversion pairs, or by the 3Com Corp. technology, Priority Access Control Enabled (PACE). The PQoS switches can be used...
... has strict latency requirements. In a mixed voice and data packet network, the key challenge is to ensure low latency for voice while handling data packets as efficiently as possible. In other words, carriers shouldn't penalize the data by carrying voice or degrade voice quality by carrying data. A number...

...be adopted to optimize this balance:

- Packet prioritization. A service provider can assign a priority to an individual packet by manipulating a label in the packet header. Higher-priority packets gain the right to "bump" lower priority packets in order to get to the top of the queue. Significant work is underway to bring guaranteed QOS to packet networks; specific schemes include multiprotocol label switching. Applying the highest priority to voice packets ensures that these packets receive the highest priority from the network element resources.

- Latency management. Larger packets take more time to process onto physical links than smaller packets. No matter what size it is, once a packet has been passed from the queue to the link, it's gone. If this were a...

... video feed, and until recently, Ethernet did not.

Now that's changed. Gigabit Ethernet switch manufacturers are beginning to support the 802.1q standard for QoS, which, if it works right, should ensure that high-priority traffic gets preference over other traffic.

The ability to define high-priority traffic is important on a busy network. Should a portion of the backbone become oversubscribed, the switches on that segment should discard low-priority data packets while ensuring that the higher-priority traffic passes along the network unscathed.

One of the objects of our testing is to ensure that the goals of QoS 
are actually met. To do this, we used an MPEG-2 codec from Optivision on 
each end of our backbone, and used the devices to... 
... security and perhaps even offering some firewall protection.

Data in a class by itself

A routing system must perform three basic tasks to deliver differentiated QOS levels: classification, queuing and scheduling. Classification must happen first so that packets with high priority aren't stashed temporarily behind lower-priority ones. Queuing keeps groups of packets belonging to the same message or the same flow together. And scheduling ensures that each customer and its internal groups get the guaranteed bandwidth, that...

... go to the same address.

The bottom line is that the guesswork employed in these prioritization schemes doesn't solve the basic problem: getting acknowledgment packets back to the sender without delay. Moreover, their focus on high-priority traffic throughput necessarily neglects the so-called low-priority traffic. Yet when low-priority traffic is delayed sufficiently, its senders will also retransmit, further increasing network load and potentially causing timeouts or a congestion collapse.

Since connectionless environments can't provide preferential treatment for acknowledgments, how can they provide adequate prioritization for other kinds of traffic (e.g., Quality of Service)? This is one of the issues that drove ATM to adopt a connection-based network. Meanwhile, prioritization in connectionless environments remains an open research problem...

...TEXT: services as Diffserv (differentiated services), IP precedence, MPLS (multiprotocol label switching), RSVP (resource reservation protocol), and 802.1p are helping improve things on the IP QOS front (see Table 2).



QOS, CONTINUED



To process different priority levels, a switch or router must be constructed with multiple queues for every port. Queues are like holding tanks for the various priority levels, and when there's more than one, higher-priority packets can be prioritized and moved ahead of traffic assigned a lower priority level.

Unfortunately, many switches and routers have single queues only. When there's congestion, all packets begin lining up in the same queue, which isn't good as far as video is concerned. So try to upgrade switches and routers so...

...TEXT: has strict latency requirements. In a mixed voice and data packet network, the key challenge is to ensure low latency for voice while handling data packets as efficiently as possible. In other words, carriers shouldn't penalize the data by carrying voice or degrade voice quality by carrying data. A number...



(Illustration Omitted) Captioned as: FIGURE 2

Packet prioritization. A service provider can assign a priority to an individual packet by manipulating a label in the packet header. Higher-priority packets gain the right to "bump" lower priority packets in order to get to the top of the queue. Significant work is underway to bring guaranteed QOS to packet networks; specific schemes include multiprotocol label switching. Applying the highest priority to voice packets ensures that these packets receive the highest priority from the network element resources.

Latency management. Larger packets take more time to process onto physical links than smaller packets. No matter what size it is, once a packet has been passed from the queue to the link, it's gone. If this were a...
...TEXT: to control TCP. Several vendors told us our capabilities were more advanced than their internal testing mechanisms and gave them a deeper understanding of how QOS works.

TIME AND PUNISHMENT

We conducted four sets of tests. First, we offered steady-state traffic and took baseline measurements of forwarding rate with no...

...Cabletron and Cisco), destined for the same number of ports on the other side of the backbone link. Nine of these 27 sessions transferred high-priority POP3 (post office protocol version 3) data over TCP port 110; the balance were low-priority HTTP sessions using TCP port 80. Both high- and low-priority sessions transferred 1 Mbyte of TCP data over the backbone.

Because traffic from 10 fast Ethernet ports is theoretically capable of 
being carried by a... Ethernet backbone. 

To find out if QOS can help, we headed back to the test bed. This time we asked vendors to enable QOS so high-priority traffic would receive four times the bandwidth of low priority. Then we offered the switches the same load as in the prior round: nine high-priority and 18 low-priority TCP sessions to each of 16 inbound ports.

We were mainly interested in determining if forwarding rates for high-priority traffic improve with QOS enabled. We also were curious to see what would happen to low-priority traffic: would switches deliver a 4:1 ratio?

Activating QOS made a difference for all switches, but there were big variations. Lucent's Cajun pushed high-priority packets at 426 kbyte/s, even faster than when we baselined with 10 fast Ethernet ports. 3Com's Corebuilder really picked up speed, moving traffic at an average of 271 kbyte/s per session, nearly twice as fast as its results without congestion and nearly five times faster than it moved packets with congestion but without QOS enabled.

Cabletron, Cisco, and Extreme were all more sluggish with QOS enabled than they were with no QOS and no...

... Cisco's results posed a major concern for us: WRED substantially slowed low-priority traffic while only marginally speeding transfers for high-priority packets. Indeed, low-priority sessions took more than four times longer to complete with WRED enabled, while high-priority sessions moved only 30 percent faster than they did without WRED turned on. Cisco says WRED is doing what it's supposed to. But we noticed that Cisco's switches dropped large amounts of low-priority traffic, even after we'd stopped transmitting high-priority sessions. We suspect that's because the WRED implementation in the Catalyst 5505 uses only one queue per output port, regardless of priority level. Since we continually kept the queue full, low-priority traffic was continually dumped.

Lucent moved low-priority sessions the fastest, but the ratio was more like 5:2. Extreme also pushed low-priority traffic relatively quickly, but the ratio between high- and low-priority sessions was more like 2:1 than 4:1.

THE SINGLES SCENE



Thus far we've only looked at average forwarding rates. But as we...

...what we found. Cabletron's SmartSwitch took an average of 43,000 milliseconds per session to transfer 1 Mbyte of high-priority TCP data with QOS enabled. But the difference between the shortest and longest session was nearly 12,000 ms, nearly 30 percent. Extreme's Summit4 also exhibited a variation of 10 percent. The good news is that most switches show less variation in high-priority sessions than for other traffic.

Packet traces of individual outbound ports were equally revealing. If a switch comes close to attaining a 4:1 ratio, the natural assumption is that each port would receive four high-priority packets, followed by one low-priority packet. In other words, we expected to see interleaving at the packet level.

But we saw something more like interleaving at the TCP window level: one window (45 packets) of high-priority traffic, followed by 45, 90, or even 135 packets of low-priority traffic. This is a problem for two reasons. It nearly reverses the desired 4:1 ratio, and high-priority packets get stuck behind lots of low-priority traffic. And that leads to latency; an app could time out in the time it takes to send even one window's worth of low-priority traffic.

There's another hidden problem. Everything may look OK on the backbone, where the traffic from 16 outbound ports is flowing together. But pull... real-time voice, video, and multimedia. Jitter, the variation in delay, is also key for voice and video. We generated two 64-kbyte bursts of high-priority POP3 traffic to each of 10 ports in parallel. We also offered five low-priority steady-state Web sessions to the 10 ports. And...



...the same amount of time to get through the switch, regardless of priority. Note that all switches except Cisco's significantly increased per-packet latency of low-priority traffic when QOS was enabled.



ALL SHOOK UP 

We also measured jitter for high- and low-priority traffic (see Figure 3). Cisco's switches were far and away the most consistent with QOS enabled, posting variations of just 73 µs and 62 µs for high- and low-priority packets. Lucent's 56-µs jitter was the lowest we recorded. Cabletron's SmartSwitch Router 2000 exhibited more jitter on high-priority sessions than low.

One very disturbing result for all vendors except Cisco is that jitter is far higher with QOS enabled. In the case of Extreme's Summit4, for example, jitter for high-priority traffic jumps from 10 µs to 210 µs when QOS is enabled. It's even worse with low-priority traffic; there, jitter jumps from 7 µs without QOS to 2,297 µs with QOS enabled.

To put these results in perspective, even the highest jitter recorded, Cabletron's 4 ms, is still a trifling amount for most apps. But... link, since we offered traffic from 16 ports through a pipe capable of servicing a maximum of 10. We also designated two classes of traffic, high and low priority, with a different TCP port number assigned to each. We offered a total of 27 sessions to each port, nine of high...

...asked vendors to enable their QOS capabilities and ran the same measurements once more, this time noting forwarding rate and variation in session times for high- and low-priority traffic.

In the tests involving bursty traffic, we asked vendors to configure their switches so that high-priority traffic would receive four times the bandwidth of low-priority sessions. We then offered each client port a burst of 64 kbytes of high-priority TCP data, followed by a gap of 300 milliseconds, followed by another 64-kbyte burst. At the same time, we also offered each client port five steady-state streams of low-priority sessions, each comprising 256 kbytes of TCP data. We measured latency for each packet of all high- and low-priority sessions, and used standard deviation of latency to calculate jitter.



Not all vendors' configurations were identical. Cabletron Systems Inc. (Rochester, N.H.) was unable to...

...TEXT: to configure their software to ask for the best possible service level. Administrators would probably need to establish rules for users and ... or even configure QoS on a per-user basis.



Once data is prioritized using implicit or explicit techniques, queues and queuing algorithms are used to provide the appropriate or desired QoS.

Queues, which are simply areas of memory within a router or switch, are set up to contain different priority packets. A queuing algorithm determines the order in which packets stored in the queues are transmitted. The idea is to give better service to high-priority traffic while ensuring, to varying degrees, that low-priority packets get some service.

The graphic on page 37 shows basic implicit and explicit QoS systems. A queuing algorithm dictates that the queues are serviced on a round-robin basis. The algorithm specifies the transmission of two packets from Queue 1 (the high-priority queue) for every one packet transmitted from Queues 2 and 3. Same-priority packets are transmitted from within each queue on a first in, first out (FIFO) basis.

If congestion occurs, the queuing system does not guarantee crucial data will reach its destination in a timely manner; it only ensures that high-priority packets will get there before low-priority packets.

More sophisticated QoS systems solve this problem with bandwidth reservation systems, which assign prespecified amounts of bandwidth to individual queues or groups of queues. This ensures that bandwidth is always available for a high-priority queue. QoS is guaranteed unless the data in a queue exceeds the amount of reserved bandwidth. If this occurs, the algorithms usually allow bandwidth from low-priority queues to service high-priority traffic, and vice-versa.

Basic queuing algorithms transmit packets from the same queue in a FIFO order. Large frames associated with a high-priority file transfer may delay a transaction processing application that passes small amounts of data, even though packets from both applications are classified as high priority.
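The 2:1:1 round-robin scheme and the FIFO head-of-line problem described above, simulated in an added example (this code is not from the article; the 8 Mbit/s link rate, frame sizes and packet names are constructed assumptions):

```python
"""Weighted round-robin (WRR) over three FIFO queues: two packets from Queue 1
(high priority) for every one packet from Queues 2 and 3.

Constructed scenario: every packet is already queued when transmission starts,
which is the congested case the text discusses. The link is assumed to drain
1 byte per microsecond (8 Mbit/s), so a 1500-byte frame holds it for 1500 us.
"""
from collections import deque
from dataclasses import dataclass

WEIGHTS = {1: 2, 2: 1, 3: 1}   # packets served per round, by queue number
BYTES_PER_US = 1.0             # assumed link rate (8 Mbit/s)


@dataclass
class Packet:
    pid: str
    queue: int              # 1 = high priority, 2 and 3 = lower priorities
    size: int               # bytes on the wire
    departure: float = 0.0  # microseconds after start; set by the scheduler


def wrr_schedule(packets):
    """Return the packets in transmit order, with each departure time filled in.

    Packets enter their queue in list order and leave it FIFO. Each round visits
    Queue 1, then 2, then 3, and sends up to WEIGHTS[q] packets from queue q. An
    empty queue simply forfeits its slots for that round.
    """
    queues = {q: deque() for q in WEIGHTS}
    for p in packets:
        queues[p.queue].append(p)
    now = 0.0
    order = []
    while any(queues.values()):             # a non-empty deque is truthy
        for q, weight in WEIGHTS.items():
            for _ in range(weight):
                if not queues[q]:
                    break
                p = queues[q].popleft()
                now += p.size / BYTES_PER_US  # link is busy for the whole frame
                p.departure = now
                order.append(p)
    return order


def congested_round_robin():
    """Four high-priority and four lower-priority 1500-byte frames, all waiting.

    Returns the transmit order and each packet's departure time (us). The third
    high-priority frame leaves only after two lower-priority frames: the scheme
    orders traffic but guarantees no delivery time once a queue is congested.
    """
    pkts = [Packet("H1", 1, 1500), Packet("H2", 1, 1500),
            Packet("H3", 1, 1500), Packet("H4", 1, 1500),
            Packet("A1", 2, 1500), Packet("A2", 2, 1500),
            Packet("B1", 3, 1500), Packet("B2", 3, 1500)]
    order = wrr_schedule(pkts)
    return [p.pid for p in order], {p.pid: p.departure for p in order}


def head_of_line_delay():
    """A 64-byte high-priority transaction packet queued behind a 9000-byte
    high-priority file-transfer frame in the same FIFO queue.

    Returns (departure time, time the small packet itself occupies the link).
    Almost all of its delay is spent waiting on the large frame ahead of it.
    """
    big = Packet("file-xfer", 1, 9000)
    small = Packet("txn", 1, 64)
    wrr_schedule([big, small])
    return small.departure, small.size / BYTES_PER_US


if __name__ == "__main__":
    order, done = congested_round_robin()
    print("transmit order:", " ".join(order))
    for pid in order:
        print(f"  {pid} leaves at {done[pid]:7.0f} us")
    dep, wire = head_of_line_delay()
    print(f"txn packet: {wire:.0f} us on the wire, but departs at {dep:.0f} us")
```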

More sophisticated queuing algorithms attempt to be fairer. For example, Cisco's weighted fair queuing (WFQ) differentiates among bandwidth-hogging applications and those that need...

...TEXT: expansion. This feature prevents buffer overflows and retransmission delays.

Class Of Service 

WideBand supports a class of service feature similar to that of ATM. Every packet loaded onto a WideBand network is assigned a class of service level. Data with a high priority is delivered across networking resources before data of a lower priority. Utilizing this method, high priority data can be delivered in a timely fashion, even on very busy networks, while low-priority, time consuming applications, such as ... editing of large databases, can operate at the full network bandwidth available, without interfering with crisp and reliable performance for other, higher-priority users.
Quality Of Service 

WideBand provides Quality of Service . Certain types of data require 
on-time delivery. Video, for example, if not delivered precisely on time, 
becomes jerky. When interspersing streaming data such as... 
...TEXT: starvation when higher-class traffic exceeds the available bandwidth. This problem has the potential to escalate into serious congestion as the source retransmits delayed IP packets.

Advanced traffic management avoids bandwidth starvation by allowing a service provider to assign each service class a minimum bandwidth guarantee. This reduces the QOS effect on lower-priority traffic of the temporary presence of excess higher-priority traffic, just as some discount fare seats are available on all flights. A common pool of bandwidth can be set aside and shared on a...
...TEXT: control you need to expedite certain types of traffic. For example, with a prioritization scheme in place, you can define SAP R/3 traffic as high priority so it will be forwarded before PointCast and other low-priority traffic. And if packets must be dropped because of congestion, the low-priority packets will be dropped first. For organizations that need to control latency, there are more elaborate QoS schemes, such as those supported by ATM and the Resource Reservation Protocol (RSVP). These QoS schemes give you control of bandwidth, latency and accuracy levels (meaning which packets get tossed in case of congestion). RSVP is capable of ensuring that...
...TEXT: be most unique about the switches, aside from their price, is that they are multimedia-ready, Vacon said. NetICs has developed a feature called Priority Quality of Service (PQoS) that allows the switches to give priority to latency-sensitive packets such as voice and video.

With PQoS, users can define packets as high- or low-priority based on media access control (MAC) address or conversation pairs, or via 3Com Corp.'s Priority Access Control Enabled (PACE) technology. PACE lets net ... run real-time voice and video applications over switched 10M and 100M bit/sec Ethernet links by ensuring delay-sensitive traffic gets a higher transmission priority.

"We don't think you need cells for multimedia," Vacon said, referring to 
the common but diminishing belief that ATM is the only way to... 
... load. Because of Accelar's shared memory architecture, the switch latency remains constant regardless of load or port configuration.

..., I tested the switch's QoS (Quality of Service) ... Using two ports to oversubscribe a third, I tested its priority queuing mechanism. I offered varying loads of low- and high-priority traffic, and in all cases the Accelar forwarded 100 percent of the high-priority traffic without any packet loss.

I applaud Nortel's decision to include support for eight hardware- 
based priority queues in the 8600 architecture. The vendor's support for 
eight classes of service allows for a significant amount of QoS 
granularity in the enterprise backbone. 

The icing on the cake for the Accelar 8600 is its aggressive 
pricing. Nortel has taken huge strides toward making... 
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... services as Diffserv (differentiated services), IP precedence, 
MPLS (multiprotocol label switching), RSVP (resource reservation 
protocol), and 802.1p are helping improve things on the IP QOS front 
(see Table 2). 

QOS, Continued 

To process different priority levels, a switch or router must be 
constructed with multiple queues for every port. Queues are like holding 
tanks for the various priority levels, and when there's more than one, 
higher-priority packets can be prioritized and moved ahead of traffic 
assigned a lower priority level. 

Unfortunately, many switches and routers have single queues only. 
When there's congestion, all packets begin lining up in the same queue, 
which isn't good as far as video is concerned. So try to upgrade switches 
and routers so . . . 
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... the technology. The offering also is currently in trials at more 
than [illegible] customers worldwide. 

The product received a mixed reaction from resellers. 

"(Stinger's) QoS and packet prioritization features are what it 
takes to do voice-over-DSL deployments," said Jeff Carnegie, president of 
Carnegie Technical Inc., a San Diego-based VAR, adding the product's 
release was an inevitable step. "But I don't believe any of the routers on 
the market support QoS. And, regarding DSL quality, the router's ability 
to differentiate between high-priority and low-priority packets 
is key," he said. 

"This is not a channel product," said Randy Wear, principal of 
Decisions Systems Plus Inc., a Rosemont, Ill.-based VAR. "An... 
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... 2000 analyzers from Netcom Systems Inc. (Chatsworth, Calif.) 
running TCP/IP code developed especially for this test (see "Test 
Methodology"). The new code timestamps every packet it sends and 
receives with 100-nanosecond accuracy, giving us an unprecedented view of 
the workings of the QOS mechanisms intended to control TCP. Several... 
results posed a major concern for us: WRED substantially slowed 
low-priority traffic while only marginally speeding transfers for 
high-priority packets. Indeed, low-priority sessions took more than four 
times longer to complete with WRED enabled, while high-priority sessions 
moved only 30 percent faster than they did without WRED turned on. Cisco 
says WRED is doing what it's supposed to. But we noticed that Cisco's 
switches dropped large amounts of low-priority traffic, even after 
we'd stopped transmitting high-priority sessions. We suspect that's 
because the WRED implementation in the Catalyst 5505 uses only one queue 
per output port, regardless of priority level. Since we continually kept 
the queue full, low-priority traffic was continually dumped. 

[illegible] moved low-priority sessions the fastest, but the ratio 
was more like 5:2. Extreme also pushed low-priority traffic relatively 
quickly, but the ratio between high- and low-priority sessions was 
more like 2:1 than 4:1. 

The Singles Scene 

Thus far we've only looked at average forwarding rates. But as we... 
real-time voice, video, and multimedia, ... Jitter, the variation in delay, is 
also key for voice and video. 

We generated two 64-kbyte bursts of high-priority POP3 traffic to 
each of 10 ports in parallel. We also offered five low-priority steady- 
state Web sessions to the 10 ports. And... 

...same amount of time to get through the switch, regardless of priority. 
Note that all switches except Cisco's significantly increased per-packet 
latency of low-priority traffic when QOS was enabled. 

All Shook Up 

We also measured jitter for high- and low-priority traffic 
(see Figure 3). Cisco's switches were far and away the most consistent 
with QOS enabled, posting variations of just 73 microseconds and 62 
microseconds for high- and low-priority packets. Lucent's 56- 
microsecond jitter was the lowest we recorded. Cabletron's SmartSwitch 
2000 exhibited more jitter on high-priority sessions than low. 

One very disturbing result for all vendors except Cisco is that 
jitter is far higher with QOS enabled. In the case of Extreme's Summit4, 
for example, jitter for high-priority traffic jumps from 10 
microseconds to 210 microseconds when QOS is enabled. It's even worse with 
low-priority traffic; there, jitter jumps from 7 microseconds without 
QOS to 2,297 microseconds with QOS enabled. 

To put these results in perspective, even the highest jitter 
recorded, Cabletron's 4 ms, is still a trifling amount for most apps. But 
...link, since we offered traffic from 16 ports through a pipe capable of 
servicing a maximum of 10. We also designated two classes of traffic, 
high and low priority, with a different TCP port number assigned to each. 
We offered a total of 27 sessions to each port, nine of high. . . 

...asked vendors to enable their QOS capabilities and ran the same 
measurements once more, this time noting forwarding rate and variation in 
session times for high- and low-priority traffic. 

In the tests involving bursty traffic, we asked vendors to 
configure their switches so that high-priority traffic would receive 
four times the bandwidth of low-priority sessions. We then offered 
each client port a burst of 64 kbytes of high-priority TCP data, 
followed by a gap of 300 milliseconds, followed by another 64-kbyte burst. 
At the same time, we also offered each client port five steady-state 
streams of low-priority sessions, each comprising 256 kbytes of TCP 
data. We measured latency for each packet of all high- and low- 
priority sessions, and used standard deviation of latency to calculate 
jitter. 

Not all vendors' configurations were identical. Cabletron Systems 
(Rochester, N.H.) was unable to... 
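As an added example (not from the search report or any of the articles it quotes), the following simulation contrasts the single-queue-per-port behaviour discussed in the QOS excerpts above with four strict-priority output queues on an oversubscribed port, and reports jitter as the standard deviation of per-packet latency, as in the test method just described. The traffic mix, buffer depth and drain rate are constructed values, not measurements from the articles.

```python
"""Priority queuing vs a single FIFO queue on an oversubscribed port.
Added example, not code from the search report or the articles it quotes; the
traffic mix, buffer depth and drain rate are constructed. Jitter is computed as
the standard deviation of per-packet latency, as in the quoted test method."""
from collections import deque
from statistics import pstdev

NUM_PRIORITIES = 4    # "four priority output queues"; priority 0 is highest
HIGH, LOW = 0, 3

def simulate(arrivals, drain_per_tick, buffer_capacity, strict_priority):
    """arrivals[t] lists the priorities of the packets arriving in tick t.
    The port forwards at most drain_per_tick packets per tick and buffers at
    most buffer_capacity packets in total, split evenly across its queues.
    Returns {priority: {"offered", "forwarded", "jitter"}}."""
    nqueues = NUM_PRIORITIES if strict_priority else 1
    per_queue_cap = buffer_capacity // nqueues
    queues = [deque() for _ in range(nqueues)]
    stats = {p: {"offered": 0, "forwarded": 0, "latencies": []} for p in range(NUM_PRIORITIES)}
    t = 0
    while t < len(arrivals) or any(queues):
        for prio in (arrivals[t] if t < len(arrivals) else []):
            stats[prio]["offered"] += 1
            q = queues[prio if strict_priority else 0]
            if len(q) >= per_queue_cap:
                continue                      # tail drop: this queue is full
            q.append((prio, t))
        # Serve queues high to low; a lower queue gets the port only while every
        # higher one is empty (strict priority). With one queue this is plain FIFO.
        sent = 0
        for q in queues:
            while q and sent < drain_per_tick:
                prio, arrived = q.popleft()
                stats[prio]["forwarded"] += 1
                stats[prio]["latencies"].append(t - arrived)
                sent += 1
        t += 1
    return {p: {"offered": s["offered"], "forwarded": s["forwarded"],
                "jitter": pstdev(s["latencies"]) if s["latencies"] else 0.0}
            for p, s in stats.items()}

# Constructed load: each tick 3 low- and 1 high-priority packet arrive at a
# port that can drain only 2, i.e. the port is oversubscribed two to one.
TRAFFIC = [[LOW, LOW, LOW, HIGH] for _ in range(10)]

if __name__ == "__main__":
    for name, strict in (("single FIFO", False), ("strict priority", True)):
        r = simulate(TRAFFIC, drain_per_tick=2, buffer_capacity=8, strict_priority=strict)
        for p in (HIGH, LOW):
            print(name, "prio", p, f"{r[p]['forwarded']}/{r[p]['offered']} fwd, jitter {r[p]['jitter']:.2f}")
```

With the single queue the high-priority class loses most of its packets and sees variable latency, while the strict-priority configuration forwards all of it with zero jitter and drops only low-priority packets, which is the behaviour the excerpts describe.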
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... video feed, and until recently, Ethernet did not. 

Now that's changed. Gigabit Ethernet switch manufacturers are 
beginning to support the 802.1q standard for QoS, which, if it works 
right, should ensure that high-priority traffic gets preference over 
other traffic. 

The ability to define high-priority traffic is important on a 
busy network. Should a portion of the backbone become oversubscribed, the 
switches on that segment should discard low-priority data packets 
while ensuring that the higher-priority traffic passes along the 
network unscathed. 

One of the objects of our testing is to ensure that the goals of 
QoS are actually met. To do this, we used an MPEG-2 codec from Optivision 
at each end of our backbone, and used the devices to. . . 
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to address this issue of burst management." 

So what's the real difference between Alteon's flavor of Layer 4 
and Yago's Layer 4 QoS? Lo says it's that Yago's MSR switch line doesn't 
manage the packet sessions; it merely determines whether to peg the 
traffic as high or low priority. "It doesn't map each session to a 
particular connection, so it cannot do server load-balancing or 
firewalling by sessions," according to Lo. 

For . . . 
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... to as Layer 4 switching is the assignment of Quality of Service 
or Class of Service (QoS or CoS) to a particular application so that 
packets for the application can be queued according to the 
user-designated application priority. Once queued, these packets are 
still forwarded to the destination port based on the destination L2 or L3 
address in the packet headers. 

In general, enforcing QoS or CoS can require a complex set of rules 
involving many different criteria, such as source and destination 
addresses (L2 and L3), the application type... 

. . . frames that originate from a server IP address designated for another 
server IP address can be classified as "server-to-server" traffic and 
assigned a lower priority than client-to-server traffic. Or 
interactive applications like HTTP might be assigned a higher priority 
than bulk file transfer. Or a video application might include an 
explicit priority for every frame, giving MPEG I frames a higher 
priority than B or P frames, because their loss would have a more 
damaging effect on the video stream. 

Supporting flexible QoS on a switch requires consideration in terms 
of the number of bytes within each packet the switch must examine to 
determine a criterion match, and. . . 
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... as Ipsilon Flow Mapping Protocol or Cisco Systems Inc.'s 
tag-switching protocol. Kennedy said that class-of-service standards 
specify two simple classes of high- and low-priority traffic, but do 
not set out how to distribute fairness inside a priority class. 

Per-flow queuing answers the problem by abandoning all traditional 
FIFO architectures, and assigning all IP packet flows to separate 
queues. Queues get assigned to class-of-service groups of queues, and each 
of the queue groups is assigned a weight. Flows that exceed QoS 
thresholds are tagged, and designers can implement their own policing 
algorithms to control the traffic, though MMC also will implement 
different traffic policing methods. 
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. . . to be clarified. 

The ATM Forum standards allow for negotiation of a traffic contract 
at call setup. There are at least two types of quality of service 
defined. Knowing these, it is very difficult to price low- and high- 
priority traffic at the same rate; moreover, when TCP/IP traffic like 
File Transfer Protocol traffic is going over ATM, a loss of a single cell 
in a frame could cause a retransmission of long packets. In this case, 
the user will of course not pay for the retransmission. Yet, the carrier 
thinks that there was only one cell lost. As... 
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